Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-41182 (GCVE-0-2021-41182)
Vulnerability from cvelistv5 – Published: 2021-10-26 00:00 – Updated: 2025-02-13 16:28
VLAI?
EPSS
Summary
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "FEDORA-2021-51c256bf87",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "FEDORA-2021-ab38307fc3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "FEDORA-2021-013ab302be",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "FEDORA-2022-9d655503ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "FEDORA-2022-bf18450366",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jquery-ui",
"vendor": "jquery",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:24.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "FEDORA-2021-51c256bf87",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "FEDORA-2021-ab38307fc3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "FEDORA-2021-013ab302be",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "FEDORA-2022-9d655503ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "FEDORA-2022-bf18450366",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"source": {
"advisory": "GHSA-9gj3-hwp5-pmwc",
"discovery": "UNKNOWN"
},
"title": "XSS in the `altField` option of the Datepicker widget"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41182",
"datePublished": "2021-10-26T00:00:00.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:30.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*\", \"versionEndExcluding\": \"1.13.0\", \"matchCriteriaId\": \"EA897736-789A-461C-86F5-E7470E643213\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"108A2215-50FB-4074-94CF-C130FA14566D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndExcluding\": \"7.86\", \"matchCriteriaId\": \"013FAABA-8CDD-46AD-B321-9908634C880A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E812639B-EE28-4C68-9F6F-70C8BF981C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.11.0\", \"versionEndIncluding\": \"8.14.0\", \"matchCriteriaId\": \"C7F4B5F0-6B78-4A94-AD83-6B78D484E298\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.0.29\", \"matchCriteriaId\": \"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC99884C-17AD-4C42-B404-4E862175C1A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5659049-8C12-433D-9CE2-90615122CB29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"737A843D-6B2F-4443-85FF-7B72B46A7251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DC11D4E-23D3-49CE-A9B1-68477EF8C6F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7DFBD39-0511-406D-B972-F3F11976229D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33157281-11A0-4700-99AB-40B7B9C57A9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10864586-270E-4ACF-BDCC-ECFCD299305F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38340E3C-C452-4370-86D4-355B6B4E0A06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.21.0\", \"matchCriteriaId\": \"CAB9A41F-91F1-40DF-BF12-6ADA7229A84C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.1.1\", \"matchCriteriaId\": \"48B23728-0050-4AF0-B8B0-A959CBAB4505\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9FC9AB-1070-420F-870E-A5EC43A924A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDC6D658-09EA-4C41-869F-1C2EA163F751\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"23.1\", \"matchCriteriaId\": \"384DEDD9-CB26-4306-99D8-83068A9B23ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEF828F5-C666-40DA-98DD-CDF658D7090B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E812639B-EE28-4C68-9F6F-70C8BF981C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8865CE15-F9A1-4A46-AF93-B58356BDEE6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC63D10-2326-4542-B345-31D45B9A7408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.11.0\", \"versionEndIncluding\": \"8.14.0\", \"matchCriteriaId\": \"C7F4B5F0-6B78-4A94-AD83-6B78D484E298\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.2.6.3\", \"matchCriteriaId\": \"C5F35B8D-6F26-4682-8541-6F10EE2ACE7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.0\", \"versionEndIncluding\": \"12.2.25\", \"matchCriteriaId\": \"15C83E0F-5FA2-47E5-9FCF-CD2E90D6A9E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10864586-270E-4ACF-BDCC-ECFCD299305F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38340E3C-C452-4370-86D4-355B6B4E0A06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*\", \"versionEndExcluding\": \"22.1.1\", \"matchCriteriaId\": \"105BF985-2403-455E-BAA1-509245B54A1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"281F1ACB-3180-422C-BADF-B0AE5F50924E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\"}, {\"lang\": \"es\", \"value\": \"jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. Antes de la versi\\u00f3n 1.13.0, aceptar el valor de la opci\\u00f3n \\\"altField\\\" del widget Datepicker desde fuentes no confiables puede ejecutar c\\u00f3digo no confiable. El problema es corregido en jQuery UI versi\\u00f3n 1.13.0. Cualquier valor de cadena pasado a la opci\\u00f3n \\\"altField\\\" se trata ahora como un selector CSS. Una soluci\\u00f3n es no aceptar el valor de la opci\\u00f3n \\\"altField\\\" de fuentes no confiables\"}]",
"id": "CVE-2021-41182",
"lastModified": "2024-11-21T06:25:41.707",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-10-26T15:15:10.313",
"references": "[{\"url\": \"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211118-0004/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-contrib-2022-004\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-core-2022-002\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-09\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211118-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-contrib-2022-004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-core-2022-002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-41182\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-10-26T15:15:10.313\",\"lastModified\":\"2024-11-21T06:25:41.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\"},{\"lang\":\"es\",\"value\":\"jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. Antes de la versi\u00f3n 1.13.0, aceptar el valor de la opci\u00f3n \\\"altField\\\" del widget Datepicker desde fuentes no confiables puede ejecutar c\u00f3digo no confiable. El problema es corregido en jQuery UI versi\u00f3n 1.13.0. Cualquier valor de cadena pasado a la opci\u00f3n \\\"altField\\\" se trata ahora como un selector CSS. Una soluci\u00f3n es no aceptar el valor de la opci\u00f3n \\\"altField\\\" de fuentes no confiables\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*\",\"versionEndExcluding\":\"1.13.0\",\"matchCriteriaId\":\"EA897736-789A-461C-86F5-E7470E643213\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.86\",\"matchCriteriaId\":\"013FAABA-8CDD-46AD-B321-9908634C880A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.11.0\",\"versionEndIncluding\":\"8.14.0\",\"matchCriteriaId\":\"C7F4B5F0-6B78-4A94-AD83-6B78D484E298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.29\",\"matchCriteriaId\":\"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC99884C-17AD-4C42-B404-4E862175C1A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5659049-8C12-433D-9CE2-90615122CB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"737A843D-6B2F-4443-85FF-7B72B46A7251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC11D4E-23D3-49CE-A9B1-68477EF8C6F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DFBD39-0511-406D-B972-F3F11976229D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33157281-11A0-4700-99AB-40B7B9C57A9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.21.0\",\"matchCriteriaId\":\"CAB9A41F-91F1-40DF-BF12-6ADA7229A84C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.1.1\",\"matchCriteriaId\":\"48B23728-0050-4AF0-B8B0-A959CBAB4505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9FC9AB-1070-420F-870E-A5EC43A924A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC6D658-09EA-4C41-869F-1C2EA163F751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1\",\"matchCriteriaId\":\"384DEDD9-CB26-4306-99D8-83068A9B23ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF828F5-C666-40DA-98DD-CDF658D7090B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8865CE15-F9A1-4A46-AF93-B58356BDEE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC63D10-2326-4542-B345-31D45B9A7408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.11.0\",\"versionEndIncluding\":\"8.14.0\",\"matchCriteriaId\":\"C7F4B5F0-6B78-4A94-AD83-6B78D484E298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.6.3\",\"matchCriteriaId\":\"C5F35B8D-6F26-4682-8541-6F10EE2ACE7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.25\",\"matchCriteriaId\":\"15C83E0F-5FA2-47E5-9FCF-CD2E90D6A9E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"22.1.1\",\"matchCriteriaId\":\"105BF985-2403-455E-BAA1-509245B54A1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"281F1ACB-3180-422C-BADF-B0AE5F50924E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211118-0004/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-contrib-2022-004\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2022-002\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211118-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-contrib-2022-004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2022-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-205
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Control versions ant\u00e9rieures \u00e0 5.4.6",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security QRadar SOAR versions ant\u00e9rieures \u00e0 44.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-39031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39031"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-234550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-234550"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-205",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6561029 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6561029"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6561005 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6561005"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6560969 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6560969"
}
]
}
CERTFR-2022-AVI-962
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-3498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2022-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-962",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
"url": "https://www.tenable.com/security/tns-2022-21"
}
]
}
CERTFR-2022-AVI-504
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions 8.x ant\u00e9rieures \u00e0 8.15.5",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus versions 10.x ant\u00e9rieures \u00e0 10.2.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-504",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-12 du 26 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-12"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-11 du 26 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-11"
}
]
}
CERTFR-2022-AVI-058
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Drupal core. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Drupal versions 9.3 antérieures à 9.3.3
- Drupal versions 9.2 antérieures à 9.2.11
- Drupal versions 7 antérieures à 7.86
L'éditeur ne maintient plus les versions 8 et 9 antérieures à 9.2.x. Les utilisateurs d'une version obsolète doivent préalablement mettre à jour Drupal pour bénéficier des correctifs de sécurité.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eDrupal versions 9.3 ant\u00e9rieures \u00e0 9.3.3\u003c/li\u003e \u003cli\u003eDrupal versions 9.2 ant\u00e9rieures \u00e0 9.2.11\u003c/li\u003e \u003cli\u003eDrupal versions 7 ant\u00e9rieures \u00e0 7.86\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne maintient plus les versions 8 et 9 ant\u00e9rieures \u00e0 9.2.x. Les utilisateurs d\u0027une version obsol\u00e8te doivent pr\u00e9alablement mettre \u00e0 jour Drupal pour b\u00e9n\u00e9ficier des correctifs de s\u00e9curit\u00e9.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2016-7103",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7103"
},
{
"name": "CVE-2010-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5312"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-058",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Drupal core. Elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Drupal core",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Drupal core sa-core-2022-001 du 19 janvier 2022",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Drupal core sa-core-2022-002 du 19 janvier 2022",
"url": "https://www.drupal.org/sa-core-2022-002"
}
]
}
CERTFR-2022-AVI-205
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Control versions ant\u00e9rieures \u00e0 5.4.6",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security QRadar SOAR versions ant\u00e9rieures \u00e0 44.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-39031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39031"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-234550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-234550"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-205",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6561029 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6561029"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6561005 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6561005"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6560969 du 03 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6560969"
}
]
}
CERTFR-2022-AVI-654
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Oracle Database version 12.1.0.2
- Oracle Database version 19c
- Oracle Database version 21c
- Oracle Application Express versions antérieures à 22.1.1
Les versions d'Oracle Database qui ne sont plus sous maintenance sont affectées par la vulnérabilité CVE-2022-21510.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eOracle Database version 12.1.0.2\u003c/li\u003e \u003cli\u003eOracle Database version 19c\u003c/li\u003e \u003cli\u003eOracle Database version 21c\u003c/li\u003e \u003cli\u003eOracle Application Express versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes versions d\u0027Oracle Database qui ne sont plus sous maintenance sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-21510.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
},
{
"name": "CVE-2020-26185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26185"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21511",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21511"
},
{
"name": "CVE-2022-21565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21565"
},
{
"name": "CVE-2020-29508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2020-35164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
},
{
"name": "CVE-2020-29505",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29505"
},
{
"name": "CVE-2022-21432",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21432"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2020-29507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29507"
},
{
"name": "CVE-2020-29506",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29506"
},
{
"name": "CVE-2022-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0839"
},
{
"name": "CVE-2020-35166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
},
{
"name": "CVE-2020-35163",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-35168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
},
{
"name": "CVE-2020-35169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35169"
},
{
"name": "CVE-2022-29885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
},
{
"name": "CVE-2022-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21510"
},
{
"name": "CVE-2020-35167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-654",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixDB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#DB"
}
]
}
CERTFR-2022-AVI-658
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | PeopleSoft | PeopleSoft version 8.59 | ||
| Oracle | PeopleSoft | PeopleSoft version 8.58 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PeopleSoft version 8.59",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft version 8.58",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21512"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21543"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21520"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2022-21521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21521"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixPS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#PS"
}
]
}
CERTFR-2023-AVI-0671
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions antérieures à 3.9.23 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.16 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.10 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.5 | ||
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.23",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.16",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.10",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40324"
},
{
"name": "CVE-2023-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40323"
},
{
"name": "CVE-2023-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40319"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40318"
},
{
"name": "CVE-2023-40320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40320"
},
{
"name": "CVE-2023-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40322"
},
{
"name": "CVE-2023-40316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40316"
},
{
"name": "CVE-2023-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40321"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-39369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39369"
},
{
"name": "CVE-2023-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40325"
},
{
"name": "CVE-2023-40317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40317"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0671",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0020 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449641"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0026 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449647"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0025 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449646"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0024 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449645"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0030 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449651"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0028 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449649"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0029 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449650"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0023 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449644"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0021 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449642"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0022 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449643"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0027 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449648"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0019 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449640"
}
]
}
CERTFR-2022-AVI-962
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-3498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2022-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-962",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
"url": "https://www.tenable.com/security/tns-2022-21"
}
]
}
CERTFR-2022-AVI-712
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar User Behavior Analytics versions antérieures à 4.1.8 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.8",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-29489",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29489"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-712",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6610741 du 05 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6610741"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6610729 du 05 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6610729"
}
]
}
CERTFR-2022-AVI-658
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | PeopleSoft | PeopleSoft version 8.59 | ||
| Oracle | PeopleSoft | PeopleSoft version 8.58 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PeopleSoft version 8.59",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft version 8.58",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21512"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21543"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21520"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2022-21521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21521"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixPS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#PS"
}
]
}
CERTFR-2022-AVI-712
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar User Behavior Analytics versions antérieures à 4.1.8 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.8",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-29489",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29489"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-712",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6610741 du 05 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6610741"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6610729 du 05 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6610729"
}
]
}
CERTFR-2022-AVI-386
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 antérieure à 7.5.0 UP1 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 antérieures à 7.4.3 FP5 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.3 antérieures à 7.3.3 FP11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 ant\u00e9rieure \u00e0 7.5.0 UP1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 ant\u00e9rieures \u00e0 7.4.3 FP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.3 ant\u00e9rieures \u00e0 7.3.3 FP11",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2021-38919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38919"
},
{
"name": "CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"name": "CVE-2021-33929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
},
{
"name": "CVE-2021-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20231"
},
{
"name": "CVE-2021-38939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38939"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2021-38874",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38874"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-33928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
},
{
"name": "CVE-2021-36086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36086"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2019-17594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17594"
},
{
"name": "CVE-2021-38869",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38869"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2020-24370",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24370"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
},
{
"name": "CVE-2020-16135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16135"
},
{
"name": "CVE-2021-36085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36085"
},
{
"name": "CVE-2021-29776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29776"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2019-17595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17595"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2021-33930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2021-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20232"
},
{
"name": "CVE-2021-28153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28153"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2021-33560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22345"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-38878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38878"
},
{
"name": "CVE-2021-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36087"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2021-36084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36084"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2021-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-386",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574453 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574453"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574787 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574787"
}
]
}
CERTFR-2022-AVI-370
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable.sc. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.21.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-24828",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24828"
},
{
"name": "CVE-2021-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21707"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-41116",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41116"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable.sc.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable.sc",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-09 du 20 avril 2022",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
}
CERTFR-2022-AVI-058
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Drupal core. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Drupal versions 9.3 antérieures à 9.3.3
- Drupal versions 9.2 antérieures à 9.2.11
- Drupal versions 7 antérieures à 7.86
L'éditeur ne maintient plus les versions 8 et 9 antérieures à 9.2.x. Les utilisateurs d'une version obsolète doivent préalablement mettre à jour Drupal pour bénéficier des correctifs de sécurité.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eDrupal versions 9.3 ant\u00e9rieures \u00e0 9.3.3\u003c/li\u003e \u003cli\u003eDrupal versions 9.2 ant\u00e9rieures \u00e0 9.2.11\u003c/li\u003e \u003cli\u003eDrupal versions 7 ant\u00e9rieures \u00e0 7.86\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne maintient plus les versions 8 et 9 ant\u00e9rieures \u00e0 9.2.x. Les utilisateurs d\u0027une version obsol\u00e8te doivent pr\u00e9alablement mettre \u00e0 jour Drupal pour b\u00e9n\u00e9ficier des correctifs de s\u00e9curit\u00e9.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2016-7103",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7103"
},
{
"name": "CVE-2010-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5312"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-058",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Drupal core. Elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Drupal core",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Drupal core sa-core-2022-001 du 19 janvier 2022",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Drupal core sa-core-2022-002 du 19 janvier 2022",
"url": "https://www.drupal.org/sa-core-2022-002"
}
]
}
CERTFR-2022-AVI-429
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.0.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-429",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Nessus Network\nMonitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nessus tns-2022-10 du 09 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-10"
}
]
}
CERTFR-2022-AVI-370
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable.sc. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.21.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-24828",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24828"
},
{
"name": "CVE-2021-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21707"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-41116",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41116"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable.sc.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable.sc",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-09 du 20 avril 2022",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
}
CERTFR-2022-AVI-993
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-3498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2022-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-993",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
"url": "https://www.tenable.com/security/tns-2022-21"
}
]
}
CERTFR-2023-AVI-0701
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Universal Forwarder | Universal Forwarder versions 9.0.x antérieures à 9.0.6 | ||
| Splunk | N/A | Splunk ITSI versions 4.15.x antérieures à 4.15.3 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk Cloud versions antérieures à 9.0.2305.200 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk ITSI versions 4.13.x antérieures à 4.13.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.0.x antérieures à 9.0.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Universal Forwarder versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.15.x ant\u00e9rieures \u00e0 4.15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud versions ant\u00e9rieures \u00e0 9.0.2305.200",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.13.x ant\u00e9rieures \u00e0 4.13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2022-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40899"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2021-27919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27919"
},
{
"name": "CVE-2019-20454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20454"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4571"
},
{
"name": "CVE-2022-35260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2022-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40592"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-40596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40596"
},
{
"name": "CVE-2023-40594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40594"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2023-40595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40595"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"name": "CVE-2023-40597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40597"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2022-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-40598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40598"
},
{
"name": "CVE-2013-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7489"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-30560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
},
{
"name": "CVE-2023-40593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40593"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2022-30115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2021-20066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20066"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0701",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0802 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0804 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0804"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0806 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0806"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0810 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0810"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0807 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0807"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0808 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0808"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0803 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0803"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0801 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0801"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0805 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0805"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0809 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0809"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0811 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0811"
}
]
}
CERTFR-2023-AVI-0219
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM Sterling B2B Integrator. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.2",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2022-31692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22876"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2014-8152",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8152"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0219",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Sterling B2B\nIntegrator. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Sterling B2B Integrator",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963093 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963093"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963091 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963091"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963103 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963085 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963085"
}
]
}
CERTFR-2023-AVI-0671
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions antérieures à 3.9.23 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.16 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.10 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.5 | ||
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.23",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.16",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.10",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40324"
},
{
"name": "CVE-2023-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40323"
},
{
"name": "CVE-2023-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40319"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40318"
},
{
"name": "CVE-2023-40320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40320"
},
{
"name": "CVE-2023-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40322"
},
{
"name": "CVE-2023-40316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40316"
},
{
"name": "CVE-2023-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40321"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-39369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39369"
},
{
"name": "CVE-2023-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40325"
},
{
"name": "CVE-2023-40317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40317"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0671",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0020 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449641"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0026 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449647"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0025 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449646"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0024 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449645"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0030 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449651"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0028 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449649"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0029 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449650"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0023 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449644"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0021 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449642"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0022 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449643"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0027 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449648"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0019 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449640"
}
]
}
CERTFR-2023-AVI-0701
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Universal Forwarder | Universal Forwarder versions 9.0.x antérieures à 9.0.6 | ||
| Splunk | N/A | Splunk ITSI versions 4.15.x antérieures à 4.15.3 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk Cloud versions antérieures à 9.0.2305.200 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk ITSI versions 4.13.x antérieures à 4.13.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.0.x antérieures à 9.0.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Universal Forwarder versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.15.x ant\u00e9rieures \u00e0 4.15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud versions ant\u00e9rieures \u00e0 9.0.2305.200",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.13.x ant\u00e9rieures \u00e0 4.13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2022-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40899"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2021-27919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27919"
},
{
"name": "CVE-2019-20454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20454"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4571"
},
{
"name": "CVE-2022-35260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2022-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40592"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-40596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40596"
},
{
"name": "CVE-2023-40594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40594"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2023-40595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40595"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"name": "CVE-2023-40597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40597"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2022-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-40598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40598"
},
{
"name": "CVE-2013-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7489"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-30560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
},
{
"name": "CVE-2023-40593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40593"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2022-30115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2021-20066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20066"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0701",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0802 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0804 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0804"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0806 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0806"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0810 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0810"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0807 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0807"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0808 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0808"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0803 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0803"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0801 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0801"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0805 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0805"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0809 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0809"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0811 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0811"
}
]
}
CERTFR-2023-AVI-0219
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM Sterling B2B Integrator. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.2",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2022-31692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22876"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2014-8152",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8152"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0219",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Sterling B2B\nIntegrator. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Sterling B2B Integrator",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963093 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963093"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963091 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963091"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963103 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963085 du 13 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963085"
}
]
}
CERTFR-2022-AVI-386
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 antérieure à 7.5.0 UP1 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 antérieures à 7.4.3 FP5 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.3 antérieures à 7.3.3 FP11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 ant\u00e9rieure \u00e0 7.5.0 UP1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 ant\u00e9rieures \u00e0 7.4.3 FP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.3 ant\u00e9rieures \u00e0 7.3.3 FP11",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2021-38919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38919"
},
{
"name": "CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"name": "CVE-2021-33929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
},
{
"name": "CVE-2021-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20231"
},
{
"name": "CVE-2021-38939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38939"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2021-38874",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38874"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-33928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
},
{
"name": "CVE-2021-36086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36086"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2019-17594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17594"
},
{
"name": "CVE-2021-38869",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38869"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2020-24370",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24370"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
},
{
"name": "CVE-2020-16135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16135"
},
{
"name": "CVE-2021-36085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36085"
},
{
"name": "CVE-2021-29776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29776"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2019-17595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17595"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2021-33930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2021-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20232"
},
{
"name": "CVE-2021-28153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28153"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2021-33560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22345"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-38878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38878"
},
{
"name": "CVE-2021-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36087"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2021-36084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36084"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2021-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-386",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574453 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574453"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574787 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574787"
}
]
}
CERTFR-2023-AVI-0737
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430 | ||
| SAP | N/A | SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430 | ||
| SAP | N/A | SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00 | ||
| SAP | N/A | SAP NetWeaver Process Integration versions 7.50 | ||
| SAP | N/A | SAPHANA Database versions 2.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89 | ||
| SAP | N/A | S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731 | ||
| SAP | N/A | SAP NetWeaver (Guided Procedures) versions 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200 | ||
| SAP | N/A | SAPSSOEXT versions 17 | ||
| SAP | N/A | Product-SAP BusinessObjects Suite (Installer) versions 420 et 430 | ||
| SAP | N/A | SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800 | ||
| SAP | N/A | SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106 | ||
| SAP | N/A | SAPHost Agent versions 722 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420 | ||
| SAP | N/A | SAPContent Server versions 6.50, 7.53, 7.54 | ||
| SAP | N/A | SAP PowerDesignerClient versions 16.7 | ||
| SAP | N/A | S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHANA Database versions 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Guided Procedures) versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPSSOEXT versions 17",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product-SAP BusinessObjects Suite (Installer) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHost Agent versions 722",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPContent Server versions 6.50, 7.53, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP PowerDesignerClient versions 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40309"
},
{
"name": "CVE-2023-25616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25616"
},
{
"name": "CVE-2023-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40306"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-41367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41367"
},
{
"name": "CVE-2023-40624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40624"
},
{
"name": "CVE-2023-41369",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41369"
},
{
"name": "CVE-2023-40621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40621"
},
{
"name": "CVE-2023-41368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41368"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2023-37489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37489"
},
{
"name": "CVE-2023-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42472"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40308"
},
{
"name": "CVE-2023-40622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40622"
},
{
"name": "CVE-2023-40625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40625"
},
{
"name": "CVE-2023-40623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40623"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2023-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026d=2023-09-13"
}
]
}
CERTFR-2022-AVI-654
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Oracle Database version 12.1.0.2
- Oracle Database version 19c
- Oracle Database version 21c
- Oracle Application Express versions antérieures à 22.1.1
Les versions d'Oracle Database qui ne sont plus sous maintenance sont affectées par la vulnérabilité CVE-2022-21510.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eOracle Database version 12.1.0.2\u003c/li\u003e \u003cli\u003eOracle Database version 19c\u003c/li\u003e \u003cli\u003eOracle Database version 21c\u003c/li\u003e \u003cli\u003eOracle Application Express versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes versions d\u0027Oracle Database qui ne sont plus sous maintenance sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-21510.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
},
{
"name": "CVE-2020-26185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26185"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-21511",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21511"
},
{
"name": "CVE-2022-21565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21565"
},
{
"name": "CVE-2020-29508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2020-35164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
},
{
"name": "CVE-2020-29505",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29505"
},
{
"name": "CVE-2022-21432",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21432"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2020-29507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29507"
},
{
"name": "CVE-2020-29506",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29506"
},
{
"name": "CVE-2022-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0839"
},
{
"name": "CVE-2020-35166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
},
{
"name": "CVE-2020-35163",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2020-35168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
},
{
"name": "CVE-2020-35169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35169"
},
{
"name": "CVE-2022-29885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
},
{
"name": "CVE-2022-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21510"
},
{
"name": "CVE-2020-35167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-654",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixDB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#DB"
}
]
}
CERTFR-2022-AVI-239
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.15 | ||
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Client Management Service versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Operations Center versions 8.1.x antérieures à 8.1.14 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x antérieures à 4.0.1 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client Management Service versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2021-39002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-38926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
},
{
"name": "CVE-2021-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
},
{
"name": "CVE-2021-29678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
},
{
"name": "CVE-2020-35508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35508"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-38951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38951"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2021-23727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23727"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-38931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
},
{
"name": "CVE-2021-3139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3139"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-20373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2021-33026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33026"
},
{
"name": "CVE-2020-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2020-35513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35513"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562471 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562471"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562895 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562895"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445699 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6445699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562401 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562401"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562843 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562843"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562849 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562849"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562873 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562383 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562383"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562405 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562405"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562919 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562919"
}
]
}
CERTFR-2022-AVI-993
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-3498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2022-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-993",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
"url": "https://www.tenable.com/security/tns-2022-21"
}
]
}
CERTFR-2023-AVI-0737
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430 | ||
| SAP | N/A | SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430 | ||
| SAP | N/A | SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00 | ||
| SAP | N/A | SAP NetWeaver Process Integration versions 7.50 | ||
| SAP | N/A | SAPHANA Database versions 2.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89 | ||
| SAP | N/A | S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731 | ||
| SAP | N/A | SAP NetWeaver (Guided Procedures) versions 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200 | ||
| SAP | N/A | SAPSSOEXT versions 17 | ||
| SAP | N/A | Product-SAP BusinessObjects Suite (Installer) versions 420 et 430 | ||
| SAP | N/A | SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800 | ||
| SAP | N/A | SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106 | ||
| SAP | N/A | SAPHost Agent versions 722 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420 | ||
| SAP | N/A | SAPContent Server versions 6.50, 7.53, 7.54 | ||
| SAP | N/A | SAP PowerDesignerClient versions 16.7 | ||
| SAP | N/A | S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHANA Database versions 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Guided Procedures) versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPSSOEXT versions 17",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product-SAP BusinessObjects Suite (Installer) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHost Agent versions 722",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPContent Server versions 6.50, 7.53, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP PowerDesignerClient versions 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40309"
},
{
"name": "CVE-2023-25616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25616"
},
{
"name": "CVE-2023-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40306"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-41367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41367"
},
{
"name": "CVE-2023-40624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40624"
},
{
"name": "CVE-2023-41369",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41369"
},
{
"name": "CVE-2023-40621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40621"
},
{
"name": "CVE-2023-41368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41368"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2023-37489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37489"
},
{
"name": "CVE-2023-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42472"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40308"
},
{
"name": "CVE-2023-40622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40622"
},
{
"name": "CVE-2023-40625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40625"
},
{
"name": "CVE-2023-40623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40623"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2023-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026d=2023-09-13"
}
]
}
CERTFR-2022-AVI-239
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.15 | ||
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Client Management Service versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Operations Center versions 8.1.x antérieures à 8.1.14 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x antérieures à 4.0.1 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client Management Service versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2021-39002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-38926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
},
{
"name": "CVE-2021-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
},
{
"name": "CVE-2021-29678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
},
{
"name": "CVE-2020-35508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35508"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-38951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38951"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2021-23727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23727"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-38931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
},
{
"name": "CVE-2021-3139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3139"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-20373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2021-33026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33026"
},
{
"name": "CVE-2020-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2020-35513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35513"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562471 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562471"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562895 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562895"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445699 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6445699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562401 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562401"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562843 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562843"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562849 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562849"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562873 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562383 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562383"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562405 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562405"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562919 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562919"
}
]
}
CERTFR-2022-AVI-504
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions 8.x ant\u00e9rieures \u00e0 8.15.5",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus versions 10.x ant\u00e9rieures \u00e0 10.2.0",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-504",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-12 du 26 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-12"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-11 du 26 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-11"
}
]
}
CERTFR-2022-AVI-429
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.0.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-429",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Nessus Network\nMonitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nessus tns-2022-10 du 09 mai 2022",
"url": "https://www.tenable.com/security/tns-2022-10"
}
]
}
GSD-2021-41182
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-41182",
"description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"id": "GSD-2021-41182",
"references": [
"https://www.suse.com/security/cve/CVE-2021-41182.html",
"https://access.redhat.com/errata/RHSA-2022:4711"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-41182"
],
"details": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"id": "GSD-2021-41182",
"modified": "2023-12-13T01:23:27.077364Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jquery-ui",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 1.13.0"
}
]
}
}
]
},
"vendor_name": "jquery"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"name": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"name": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"refsource": "MISC",
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"name": "https://www.drupal.org/sa-core-2022-002",
"refsource": "MISC",
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211118-0004/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"name": "https://www.drupal.org/sa-contrib-2022-004",
"refsource": "MISC",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "MISC",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
},
"source": {
"advisory": "GHSA-9gj3-hwp5-pmwc",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.13.0",
"affected_versions": "All versions before 1.13.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-06-21",
"description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"fixed_versions": [
"1.13.0"
],
"identifier": "CVE-2021-41182",
"identifiers": [
"CVE-2021-41182",
"GHSA-9gj3-hwp5-pmwc"
],
"not_impacted": "All versions starting from 1.13.0",
"package_slug": "npm/jquery-ui",
"pubdate": "2021-10-26",
"solution": "Upgrade to version 1.13.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"https://security.netapp.com/advisory/ntap-20211118-0004/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html",
"https://www.drupal.org/sa-contrib-2022-004",
"https://www.drupal.org/sa-core-2022-002",
"https://github.com/advisories/GHSA-9gj3-hwp5-pmwc"
],
"uuid": "ed7f50b1-248e-4be1-be8f-7a51d2e5ab9e"
},
{
"affected_range": "\u003e=7.0,\u003c7.86",
"affected_versions": "All versions starting from 7.0 before 7.86",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-06-21",
"description": "jQuery-UI is the official jQuery user interface library used by drupal. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"fixed_versions": [
"8.0.0"
],
"identifier": "CVE-2021-41182",
"identifiers": [
"CVE-2021-41182",
"GHSA-9gj3-hwp5-pmwc"
],
"not_impacted": "All versions before 7.0, all versions starting from 7.86",
"package_slug": "packagist/drupal/drupal",
"pubdate": "2021-10-26",
"solution": "Upgrade to version 8.0.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"https://security.netapp.com/advisory/ntap-20211118-0004/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"https://www.drupal.org/sa-contrib-2022-004",
"https://www.drupal.org/sa-core-2022-002",
"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
],
"uuid": "989fdd71-9daf-45f5-88b5-20cbce155747"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.86",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.21.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.6.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.25",
"versionStartIncluding": "12.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41182"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"name": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"name": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211118-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"name": "https://www.drupal.org/sa-contrib-2022-004",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"name": "https://www.drupal.org/sa-core-2022-002",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
"refsource": "MISC",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-08-31T03:15Z",
"publishedDate": "2021-10-26T15:15Z"
}
}
}
FKIE_CVE-2021-41182
Vulnerability from fkie_nvd - Published: 2021-10-26 15:15 - Updated: 2024-11-21 06:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/ | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc | Exploit, Mitigation, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://security.netapp.com/advisory/ntap-20211118-0004/ | Third Party Advisory | |
| security-advisories@github.com | https://www.drupal.org/sa-contrib-2022-004 | Third Party Advisory | |
| security-advisories@github.com | https://www.drupal.org/sa-core-2022-002 | Third Party Advisory | |
| security-advisories@github.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| security-advisories@github.com | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| security-advisories@github.com | https://www.tenable.com/security/tns-2022-09 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211118-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/sa-contrib-2022-004 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/sa-core-2022-002 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2022-09 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jqueryui | jquery_ui | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| debian | debian_linux | 9.0 | |
| drupal | drupal | * | |
| oracle | communications_interactive_session_recorder | 6.4 | |
| oracle | communications_operations_monitor | 4.3 | |
| oracle | communications_operations_monitor | 4.4 | |
| oracle | communications_operations_monitor | 5.0 | |
| oracle | hospitality_suite8 | * | |
| oracle | hospitality_suite8 | 8.10.2 | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | primavera_unifier | 17.7 | |
| oracle | primavera_unifier | 17.8 | |
| oracle | primavera_unifier | 17.9 | |
| oracle | primavera_unifier | 17.10 | |
| oracle | primavera_unifier | 17.11 | |
| oracle | primavera_unifier | 17.12 | |
| oracle | primavera_unifier | 18.8 | |
| oracle | primavera_unifier | 19.12 | |
| oracle | primavera_unifier | 20.12 | |
| oracle | primavera_unifier | 21.12 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 | |
| tenable | tenable.sc | * | |
| oracle | agile_plm | 9.3.6 | |
| oracle | application_express | * | |
| oracle | banking_platform | 2.9.0 | |
| oracle | banking_platform | 2.12.0 | |
| oracle | big_data_spatial_and_graph | * | |
| oracle | big_data_spatial_and_graph | 23.1 | |
| oracle | communications_interactive_session_recorder | 6.4 | |
| oracle | communications_operations_monitor | 4.3 | |
| oracle | communications_operations_monitor | 4.4 | |
| oracle | communications_operations_monitor | 5.0 | |
| oracle | hospitality_inventory_management | 9.1.0 | |
| oracle | hospitality_materials_control | 18.1 | |
| oracle | hospitality_suite8 | * | |
| oracle | hospitality_suite8 | 8.10.2 | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| oracle | policy_automation | * | |
| oracle | primavera_unifier | * | |
| oracle | primavera_unifier | 18.8 | |
| oracle | primavera_unifier | 19.12 | |
| oracle | primavera_unifier | 20.12 | |
| oracle | primavera_unifier | 21.12 | |
| oracle | rest_data_services | * | |
| oracle | rest_data_services | 22.1.1 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
"matchCriteriaId": "EA897736-789A-461C-86F5-E7470E643213",
"versionEndExcluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "013FAABA-8CDD-46AD-B321-9908634C880A",
"versionEndExcluding": "7.86",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F4B5F0-6B78-4A94-AD83-6B78D484E298",
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC99884C-17AD-4C42-B404-4E862175C1A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E5659049-8C12-433D-9CE2-90615122CB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "737A843D-6B2F-4443-85FF-7B72B46A7251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC11D4E-23D3-49CE-A9B1-68477EF8C6F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DFBD39-0511-406D-B972-F3F11976229D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "33157281-11A0-4700-99AB-40B7B9C57A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB9A41F-91F1-40DF-BF12-6ADA7229A84C",
"versionEndExcluding": "5.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B23728-0050-4AF0-B8B0-A959CBAB4505",
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"matchCriteriaId": "384DEDD9-CB26-4306-99D8-83068A9B23ED",
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF828F5-C666-40DA-98DD-CDF658D7090B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8865CE15-F9A1-4A46-AF93-B58356BDEE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F4B5F0-6B78-4A94-AD83-6B78D484E298",
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F35B8D-6F26-4682-8541-6F10EE2ACE7E",
"versionEndIncluding": "9.2.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15C83E0F-5FA2-47E5-9FCF-CD2E90D6A9E8",
"versionEndIncluding": "12.2.25",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
"matchCriteriaId": "105BF985-2403-455E-BAA1-509245B54A1D",
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
"matchCriteriaId": "281F1ACB-3180-422C-BADF-B0AE5F50924E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
},
{
"lang": "es",
"value": "jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. Antes de la versi\u00f3n 1.13.0, aceptar el valor de la opci\u00f3n \"altField\" del widget Datepicker desde fuentes no confiables puede ejecutar c\u00f3digo no confiable. El problema es corregido en jQuery UI versi\u00f3n 1.13.0. Cualquier valor de cadena pasado a la opci\u00f3n \"altField\" se trata ahora como un selector CSS. Una soluci\u00f3n es no aceptar el valor de la opci\u00f3n \"altField\" de fuentes no confiables"
}
],
"id": "CVE-2021-41182",
"lastModified": "2024-11-21T06:25:41.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-26T15:15:10.313",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2022:4711
Vulnerability from csaf_redhat - Published: 2022-05-26 16:25 - Updated: 2025-11-21 18:31Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)\n\n* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)\n\n* jquery-ui: XSS in the \u0027of\u0027 option of the .position() util (CVE-2021-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nA list of bugs fixed in this update is available in the Technical Notes book:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4711",
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
},
{
"category": "external",
"summary": "655153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655153"
},
{
"category": "external",
"summary": "977778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977778"
},
{
"category": "external",
"summary": "1624015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624015"
},
{
"category": "external",
"summary": "1648985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648985"
},
{
"category": "external",
"summary": "1667517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667517"
},
{
"category": "external",
"summary": "1687845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687845"
},
{
"category": "external",
"summary": "1781241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781241"
},
{
"category": "external",
"summary": "1782056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782056"
},
{
"category": "external",
"summary": "1849169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849169"
},
{
"category": "external",
"summary": "1878930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878930"
},
{
"category": "external",
"summary": "1922977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922977"
},
{
"category": "external",
"summary": "1926625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926625"
},
{
"category": "external",
"summary": "1927985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927985"
},
{
"category": "external",
"summary": "1944290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944290"
},
{
"category": "external",
"summary": "1944834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944834"
},
{
"category": "external",
"summary": "1956295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956295"
},
{
"category": "external",
"summary": "1959186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959186"
},
{
"category": "external",
"summary": "1964208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964208"
},
{
"category": "external",
"summary": "1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "1971622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971622"
},
{
"category": "external",
"summary": "1974741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974741"
},
{
"category": "external",
"summary": "1979441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979441"
},
{
"category": "external",
"summary": "1979797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979797"
},
{
"category": "external",
"summary": "1980192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980192"
},
{
"category": "external",
"summary": "1986726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986726"
},
{
"category": "external",
"summary": "1986834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986834"
},
{
"category": "external",
"summary": "1987121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987121"
},
{
"category": "external",
"summary": "1988496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988496"
},
{
"category": "external",
"summary": "1990462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990462"
},
{
"category": "external",
"summary": "1991240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991240"
},
{
"category": "external",
"summary": "1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "1996123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996123"
},
{
"category": "external",
"summary": "1998255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998255"
},
{
"category": "external",
"summary": "1999698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999698"
},
{
"category": "external",
"summary": "2000031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000031"
},
{
"category": "external",
"summary": "2002283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002283"
},
{
"category": "external",
"summary": "2003883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003883"
},
{
"category": "external",
"summary": "2003996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003996"
},
{
"category": "external",
"summary": "2006602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006602"
},
{
"category": "external",
"summary": "2006745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006745"
},
{
"category": "external",
"summary": "2007384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007384"
},
{
"category": "external",
"summary": "2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "2008798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008798"
},
{
"category": "external",
"summary": "2010203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010203"
},
{
"category": "external",
"summary": "2010903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010903"
},
{
"category": "external",
"summary": "2013928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013928"
},
{
"category": "external",
"summary": "2014888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014888"
},
{
"category": "external",
"summary": "2015796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015796"
},
{
"category": "external",
"summary": "2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "2021217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021217"
},
{
"category": "external",
"summary": "2023250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023250"
},
{
"category": "external",
"summary": "2023786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023786"
},
{
"category": "external",
"summary": "2024202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024202"
},
{
"category": "external",
"summary": "2025936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025936"
},
{
"category": "external",
"summary": "2030596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030596"
},
{
"category": "external",
"summary": "2030663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030663"
},
{
"category": "external",
"summary": "2031027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031027"
},
{
"category": "external",
"summary": "2035051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035051"
},
{
"category": "external",
"summary": "2037115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037115"
},
{
"category": "external",
"summary": "2037121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037121"
},
{
"category": "external",
"summary": "2040361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040361"
},
{
"category": "external",
"summary": "2040402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040402"
},
{
"category": "external",
"summary": "2040474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040474"
},
{
"category": "external",
"summary": "2041544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041544"
},
{
"category": "external",
"summary": "2043146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043146"
},
{
"category": "external",
"summary": "2044273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044273"
},
{
"category": "external",
"summary": "2048546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048546"
},
{
"category": "external",
"summary": "2050566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050566"
},
{
"category": "external",
"summary": "2050614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050614"
},
{
"category": "external",
"summary": "2051857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051857"
},
{
"category": "external",
"summary": "2052557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052557"
},
{
"category": "external",
"summary": "2052690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052690"
},
{
"category": "external",
"summary": "2054756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054756"
},
{
"category": "external",
"summary": "2055136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055136"
},
{
"category": "external",
"summary": "2056021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056021"
},
{
"category": "external",
"summary": "2056052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056052"
},
{
"category": "external",
"summary": "2056126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056126"
},
{
"category": "external",
"summary": "2058264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058264"
},
{
"category": "external",
"summary": "2059521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059521"
},
{
"category": "external",
"summary": "2059877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059877"
},
{
"category": "external",
"summary": "2061904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061904"
},
{
"category": "external",
"summary": "2065052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065052"
},
{
"category": "external",
"summary": "2066084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066084"
},
{
"category": "external",
"summary": "2066283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066283"
},
{
"category": "external",
"summary": "2069972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069972"
},
{
"category": "external",
"summary": "2070156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070156"
},
{
"category": "external",
"summary": "2071468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071468"
},
{
"category": "external",
"summary": "2072637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072637"
},
{
"category": "external",
"summary": "2072639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072639"
},
{
"category": "external",
"summary": "2072641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072641"
},
{
"category": "external",
"summary": "2072642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072642"
},
{
"category": "external",
"summary": "2072645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072645"
},
{
"category": "external",
"summary": "2072646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072646"
},
{
"category": "external",
"summary": "2075352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075352"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4711.json"
}
],
"title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update",
"tracking": {
"current_release_date": "2025-11-21T18:31:13+00:00",
"generator": {
"date": "2025-11-21T18:31:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:4711",
"initial_release_date": "2022-05-26T16:25:03+00:00",
"revision_history": [
{
"date": "2022-05-26T16:25:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-26T16:25:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:31:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product": {
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java-javadoc@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd-javadoc@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_id": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-docutils@0.14-12.4.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch"
},
"product_reference": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2007557"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "RHBZ#2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
"url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
},
{
"cve": "CVE-2021-23425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-trim-off-newlines: ReDoS via string processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Directory Server 11 Web UI requires trim-off-newlines as a dependency, but it is not used in the 389-ds cockpit plugin, and not shipped as part of the RPM binary. Thus Red Hat Directory Server 11 is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23425"
},
{
"category": "external",
"summary": "RHBZ#1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850",
"url": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850"
}
],
"release_date": "2021-05-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-trim-off-newlines: ReDoS via string processing"
},
{
"cve": "CVE-2021-33502",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1964461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-normalize-url: ReDoS for data URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33502"
},
{
"category": "external",
"summary": "RHBZ#1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
"url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-normalize-url: ReDoS for data URLs"
},
{
"cve": "CVE-2021-41182",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019144"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the altField option of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41182"
},
{
"category": "external",
"summary": "RHBZ#2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the altField option of the datepicker widget"
},
{
"cve": "CVE-2021-41183",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019148"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in *Text options of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41183"
},
{
"category": "external",
"summary": "RHBZ#2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in *Text options of the datepicker widget"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019153"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41184"
},
{
"category": "external",
"summary": "RHBZ#2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util"
}
]
}
RHSA-2022_4711
Vulnerability from csaf_redhat - Published: 2022-05-26 16:25 - Updated: 2024-11-22 21:43Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)\n\n* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)\n\n* jquery-ui: XSS in the \u0027of\u0027 option of the .position() util (CVE-2021-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nA list of bugs fixed in this update is available in the Technical Notes book:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4711",
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
},
{
"category": "external",
"summary": "655153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655153"
},
{
"category": "external",
"summary": "977778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977778"
},
{
"category": "external",
"summary": "1624015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624015"
},
{
"category": "external",
"summary": "1648985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648985"
},
{
"category": "external",
"summary": "1667517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667517"
},
{
"category": "external",
"summary": "1687845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687845"
},
{
"category": "external",
"summary": "1781241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781241"
},
{
"category": "external",
"summary": "1782056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782056"
},
{
"category": "external",
"summary": "1849169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849169"
},
{
"category": "external",
"summary": "1878930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878930"
},
{
"category": "external",
"summary": "1922977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922977"
},
{
"category": "external",
"summary": "1926625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926625"
},
{
"category": "external",
"summary": "1927985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927985"
},
{
"category": "external",
"summary": "1944290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944290"
},
{
"category": "external",
"summary": "1944834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944834"
},
{
"category": "external",
"summary": "1956295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956295"
},
{
"category": "external",
"summary": "1959186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959186"
},
{
"category": "external",
"summary": "1964208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964208"
},
{
"category": "external",
"summary": "1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "1971622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971622"
},
{
"category": "external",
"summary": "1974741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974741"
},
{
"category": "external",
"summary": "1979441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979441"
},
{
"category": "external",
"summary": "1979797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979797"
},
{
"category": "external",
"summary": "1980192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980192"
},
{
"category": "external",
"summary": "1986726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986726"
},
{
"category": "external",
"summary": "1986834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986834"
},
{
"category": "external",
"summary": "1987121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987121"
},
{
"category": "external",
"summary": "1988496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988496"
},
{
"category": "external",
"summary": "1990462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990462"
},
{
"category": "external",
"summary": "1991240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991240"
},
{
"category": "external",
"summary": "1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "1996123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996123"
},
{
"category": "external",
"summary": "1998255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998255"
},
{
"category": "external",
"summary": "1999698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999698"
},
{
"category": "external",
"summary": "2000031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000031"
},
{
"category": "external",
"summary": "2002283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002283"
},
{
"category": "external",
"summary": "2003883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003883"
},
{
"category": "external",
"summary": "2003996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003996"
},
{
"category": "external",
"summary": "2006602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006602"
},
{
"category": "external",
"summary": "2006745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006745"
},
{
"category": "external",
"summary": "2007384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007384"
},
{
"category": "external",
"summary": "2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "2008798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008798"
},
{
"category": "external",
"summary": "2010203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010203"
},
{
"category": "external",
"summary": "2010903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010903"
},
{
"category": "external",
"summary": "2013928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013928"
},
{
"category": "external",
"summary": "2014888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014888"
},
{
"category": "external",
"summary": "2015796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015796"
},
{
"category": "external",
"summary": "2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "2021217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021217"
},
{
"category": "external",
"summary": "2023250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023250"
},
{
"category": "external",
"summary": "2023786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023786"
},
{
"category": "external",
"summary": "2024202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024202"
},
{
"category": "external",
"summary": "2025936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025936"
},
{
"category": "external",
"summary": "2030596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030596"
},
{
"category": "external",
"summary": "2030663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030663"
},
{
"category": "external",
"summary": "2031027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031027"
},
{
"category": "external",
"summary": "2035051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035051"
},
{
"category": "external",
"summary": "2037115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037115"
},
{
"category": "external",
"summary": "2037121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037121"
},
{
"category": "external",
"summary": "2040361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040361"
},
{
"category": "external",
"summary": "2040402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040402"
},
{
"category": "external",
"summary": "2040474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040474"
},
{
"category": "external",
"summary": "2041544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041544"
},
{
"category": "external",
"summary": "2043146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043146"
},
{
"category": "external",
"summary": "2044273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044273"
},
{
"category": "external",
"summary": "2048546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048546"
},
{
"category": "external",
"summary": "2050566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050566"
},
{
"category": "external",
"summary": "2050614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050614"
},
{
"category": "external",
"summary": "2051857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051857"
},
{
"category": "external",
"summary": "2052557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052557"
},
{
"category": "external",
"summary": "2052690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052690"
},
{
"category": "external",
"summary": "2054756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054756"
},
{
"category": "external",
"summary": "2055136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055136"
},
{
"category": "external",
"summary": "2056021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056021"
},
{
"category": "external",
"summary": "2056052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056052"
},
{
"category": "external",
"summary": "2056126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056126"
},
{
"category": "external",
"summary": "2058264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058264"
},
{
"category": "external",
"summary": "2059521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059521"
},
{
"category": "external",
"summary": "2059877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059877"
},
{
"category": "external",
"summary": "2061904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061904"
},
{
"category": "external",
"summary": "2065052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065052"
},
{
"category": "external",
"summary": "2066084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066084"
},
{
"category": "external",
"summary": "2066283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066283"
},
{
"category": "external",
"summary": "2069972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069972"
},
{
"category": "external",
"summary": "2070156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070156"
},
{
"category": "external",
"summary": "2071468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071468"
},
{
"category": "external",
"summary": "2072637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072637"
},
{
"category": "external",
"summary": "2072639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072639"
},
{
"category": "external",
"summary": "2072641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072641"
},
{
"category": "external",
"summary": "2072642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072642"
},
{
"category": "external",
"summary": "2072645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072645"
},
{
"category": "external",
"summary": "2072646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072646"
},
{
"category": "external",
"summary": "2075352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075352"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4711.json"
}
],
"title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update",
"tracking": {
"current_release_date": "2024-11-22T21:43:43+00:00",
"generator": {
"date": "2024-11-22T21:43:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:4711",
"initial_release_date": "2022-05-26T16:25:03+00:00",
"revision_history": [
{
"date": "2022-05-26T16:25:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-26T16:25:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:43:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product": {
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java-javadoc@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd-javadoc@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_id": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-docutils@0.14-12.4.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch"
},
"product_reference": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2007557"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "RHBZ#2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
"url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
},
{
"cve": "CVE-2021-23425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-trim-off-newlines: ReDoS via string processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Directory Server 11 Web UI requires trim-off-newlines as a dependency, but it is not used in the 389-ds cockpit plugin, and not shipped as part of the RPM binary. Thus Red Hat Directory Server 11 is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23425"
},
{
"category": "external",
"summary": "RHBZ#1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850",
"url": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850"
}
],
"release_date": "2021-05-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-trim-off-newlines: ReDoS via string processing"
},
{
"cve": "CVE-2021-33502",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1964461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-normalize-url: ReDoS for data URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33502"
},
{
"category": "external",
"summary": "RHBZ#1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
"url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-normalize-url: ReDoS for data URLs"
},
{
"cve": "CVE-2021-41182",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019144"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the altField option of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41182"
},
{
"category": "external",
"summary": "RHBZ#2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the altField option of the datepicker widget"
},
{
"cve": "CVE-2021-41183",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019148"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in *Text options of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41183"
},
{
"category": "external",
"summary": "RHBZ#2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in *Text options of the datepicker widget"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019153"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41184"
},
{
"category": "external",
"summary": "RHBZ#2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util"
}
]
}
WID-SEC-W-2022-1729
Vulnerability from csaf_certbund - Published: 2021-11-01 23:00 - Updated: 2023-10-05 22:00Summary
jQuery: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verfügung stellt.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verf\u00fcgung stellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1729 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1729.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1729 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1729"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6419-1 vom 2023-10-05",
"url": "https://ubuntu.com/security/notices/USN-6419-1"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBPI03869 vom 2023-10-04",
"url": "https://support.hp.com/us-en/document/ish_9365285-9365309-16/HPSBPI03869"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CONTRIB-2022-004 vom 2022-01-19",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2889 vom 2022-01-19",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CORE-2022-011 vom 2022-01-19",
"url": "https://www.drupal.org/sa-core-2022-011"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CORE-2022-002 vom 2022-01-19",
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"category": "external",
"summary": "Drupal Security Advisory",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1729-1 vom 2022-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011075.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://www.tenable.com/security/tns-2022-12"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4711 vom 2022-05-26",
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://www.tenable.com/security/tns-2022-11"
},
{
"category": "external",
"summary": "HCL Article KB0097697 vom 2022-04-07",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097697"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10",
"url": "http://www.auscert.org.au/bulletins/ESB-2022.2191"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10 vom 2022-05-09",
"url": "https://www.tenable.com/security/tns-2022-10"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3230 vom 2022-12-07",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html"
}
],
"source_lang": "en-US",
"title": "jQuery: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2023-10-05T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:36:30.047+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1729",
"initial_release_date": "2021-11-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-11-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-01-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Drupal und Debian aufgenommen"
},
{
"date": "2022-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-05-09T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Tenable und Red Hat aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "7",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-9D655503EA, FEDORA-2022-C4334D5277"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-BF18450366"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2023-10-05T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "HP LaserJet",
"product": {
"name": "HP LaserJet",
"product_id": "T029061",
"product_identification_helper": {
"cpe": "cpe:/h:hp:laserjet:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Drupal",
"product": {
"name": "Open Source Drupal",
"product_id": "172446",
"product_identification_helper": {
"cpe": "cpe:/a:drupal:drupal:-"
}
}
},
{
"category": "product_name",
"name": "Open Source jQuery UI \u003c 1.13.0",
"product": {
"name": "Open Source jQuery UI \u003c 1.13.0",
"product_id": "T020872",
"product_identification_helper": {
"cpe": "cpe:/a:jquery:jquery:ui__1.13.0"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Tenable Security Nessus",
"product": {
"name": "Tenable Security Nessus",
"product_id": "999278",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:-"
}
}
},
{
"category": "product_name",
"name": "Tenable Security Nessus Network Monitor \u003c 6.0.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c 6.0.1",
"product_id": "T023141",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.0.1"
}
}
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41184"
}
]
}
WID-SEC-W-2023-2102
Vulnerability from csaf_certbund - Published: 2023-08-20 22:00 - Updated: 2023-08-20 22:00Summary
Moodle: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2102 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2102.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2102 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2102"
},
{
"category": "external",
"summary": "Moodle Security Announcements vom 2023-08-21",
"url": "https://moodle.org/mod/forum/view.php?id=7128"
}
],
"source_lang": "en-US",
"title": "Moodle: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-08-20T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:57:15.936+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2102",
"initial_release_date": "2023-08-20T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-20T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.2.2",
"product": {
"name": "Open Source Moodle \u003c 4.2.2",
"product_id": "T029425",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.2.2"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.1.5",
"product": {
"name": "Open Source Moodle \u003c 4.1.5",
"product_id": "T029426",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.1.5"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.0.10",
"product": {
"name": "Open Source Moodle \u003c 4.0.10",
"product_id": "T029427",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.0.10"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 3.11.16",
"product": {
"name": "Open Source Moodle \u003c 3.11.16",
"product_id": "T029428",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:3.11.16"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 3.9.23",
"product": {
"name": "Open Source Moodle \u003c 3.9.23",
"product_id": "T029429",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:3.9.23"
}
}
}
],
"category": "product_name",
"name": "Moodle"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40325",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40325"
},
{
"cve": "CVE-2023-40324",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40324"
},
{
"cve": "CVE-2023-40323",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40323"
},
{
"cve": "CVE-2023-40322",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40322"
},
{
"cve": "CVE-2023-40321",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40321"
},
{
"cve": "CVE-2023-40320",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40320"
},
{
"cve": "CVE-2023-40319",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40319"
},
{
"cve": "CVE-2023-40318",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40318"
},
{
"cve": "CVE-2023-40317",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40317"
},
{
"cve": "CVE-2023-40316",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40316"
},
{
"cve": "CVE-2022-39369",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2022-39369"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41182"
}
]
}
WID-SEC-W-2023-2309
Vulnerability from csaf_certbund - Published: 2023-09-11 22:00 - Updated: 2023-09-11 22:00Summary
SAP Patchday September 2023
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2309 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2309.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2309 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2309"
},
{
"category": "external",
"summary": "SAP Patchday September 2023 vom 2023-09-12",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2023",
"tracking": {
"current_release_date": "2023-09-11T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:15.189+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2309",
"initial_release_date": "2023-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T016476",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42472",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-42472"
},
{
"cve": "CVE-2023-41369",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41369"
},
{
"cve": "CVE-2023-41368",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41368"
},
{
"cve": "CVE-2023-41367",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41367"
},
{
"cve": "CVE-2023-40625",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40625"
},
{
"cve": "CVE-2023-40624",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40624"
},
{
"cve": "CVE-2023-40623",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40623"
},
{
"cve": "CVE-2023-40622",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40622"
},
{
"cve": "CVE-2023-40621",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40621"
},
{
"cve": "CVE-2023-40309",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40309"
},
{
"cve": "CVE-2023-40308",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40308"
},
{
"cve": "CVE-2023-40306",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40306"
},
{
"cve": "CVE-2023-37489",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-37489"
},
{
"cve": "CVE-2023-25616",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-25616"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-41272",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2022-41272"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41182"
}
]
}
WID-SEC-W-2024-0117
Vulnerability from csaf_certbund - Published: 2024-01-16 23:00 - Updated: 2024-01-16 23:00Summary
Oracle Retail Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterst\u00fctzung u. a. von Handelsfirmen und der Gastronomie.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0117 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0117.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0117 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0117"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Retail Applications vom 2024-01-16",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixRAPP"
}
],
"source_lang": "en-US",
"title": "Oracle Retail Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-16T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:46.978+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0117",
"initial_release_date": "2024-01-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Retail Applications 16.0.3",
"product": {
"name": "Oracle Retail Applications 16.0.3",
"product_id": "T019034",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:16.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 20.0.1",
"product": {
"name": "Oracle Retail Applications 20.0.1",
"product_id": "T019911",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:20.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 15.0.3",
"product": {
"name": "Oracle Retail Applications 15.0.3",
"product_id": "T020721",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:15.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 18.0.0.14",
"product": {
"name": "Oracle Retail Applications 18.0.0.14",
"product_id": "T032125",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:18.0.0.14"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 19.0.0.8",
"product": {
"name": "Oracle Retail Applications 19.0.0.8",
"product_id": "T032126",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:19.0.0.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications \u003c= 23.0.0",
"product": {
"name": "Oracle Retail Applications \u003c= 23.0.0",
"product_id": "T032127",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:23.0.0"
}
}
}
],
"category": "product_name",
"name": "Retail Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-35887",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-35887"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2020-26870",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2020-26870"
}
]
}
WID-SEC-W-2022-2368
Vulnerability from csaf_certbund - Published: 2022-12-19 23:00 - Updated: 2023-01-09 23:00Summary
HCL BigFix: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um die Verfügbarkeit, die Vertraulichkeit und die Integrität zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2368 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2368.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2368 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2368"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6853623 vom 2023-01-09",
"url": "https://www.ibm.com/support/pages/node/6853623"
},
{
"category": "external",
"summary": "HCL Security Bulletin KB0102049 vom 2022-12-17",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102049"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2022-12-19",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102168"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2022-12-19",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102140"
}
],
"source_lang": "en-US",
"title": "HCL BigFix: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-09T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:40:12.874+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2368",
"initial_release_date": "2022-12-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-12-28T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2023-01-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix \u003c 10.0.8\u00a0",
"product": {
"name": "HCL BigFix \u003c 10.0.8\u00a0",
"product_id": "T025721",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:10.0.8"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix \u003c 9.5.21",
"product": {
"name": "HCL BigFix \u003c 9.5.21",
"product_id": "T025722",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:9.5.21"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM License Metric Tool",
"product": {
"name": "IBM License Metric Tool",
"product_id": "T016581",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44756",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-44756"
},
{
"cve": "CVE-2022-42454",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42454"
},
{
"cve": "CVE-2022-42448",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42448"
},
{
"cve": "CVE-2022-39299",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-39299"
},
{
"cve": "CVE-2022-38655",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-38655"
},
{
"cve": "CVE-2022-37616",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-37616"
},
{
"cve": "CVE-2022-33987",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-25896",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-25896"
},
{
"cve": "CVE-2022-25887",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-25887"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-32014",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32014"
},
{
"cve": "CVE-2021-32013",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32013"
},
{
"cve": "CVE-2021-32012",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32012"
}
]
}
WID-SEC-W-2023-2229
Vulnerability from csaf_certbund - Published: 2023-08-30 22:00 - Updated: 2024-08-12 22:00Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2229 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2229 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0801"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0802"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0803"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0804"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0805"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0806"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0807"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0808"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
}
],
"source_lang": "en-US",
"title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-08-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:57:53.670+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2229",
"initial_release_date": "2023-08-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Splunk Splunk Enterprise",
"product": {
"name": "Splunk Splunk Enterprise",
"product_id": "T008911",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.1",
"product_id": "T029634"
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.6",
"product_id": "T029635"
}
},
{
"category": "product_version_range",
"name": "\u003c8.2.12",
"product": {
"name": "Splunk Splunk Enterprise \u003c8.2.12",
"product_id": "T029636"
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.1",
"product_id": "T033705"
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.4",
"product_id": "T033718"
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.9",
"product_id": "T033720"
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-7489",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2013-7489"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-20225",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-20225"
},
{
"cve": "CVE-2019-20454",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20454"
},
{
"cve": "CVE-2019-20838",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20838"
},
{
"cve": "CVE-2020-14155",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-14155"
},
{
"cve": "CVE-2020-28469",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28469"
},
{
"cve": "CVE-2020-28851",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28851"
},
{
"cve": "CVE-2020-29652",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-29652"
},
{
"cve": "CVE-2020-8169",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8177",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8908",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2021-20066",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-20066"
},
{
"cve": "CVE-2021-22569",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22569"
},
{
"cve": "CVE-2021-22876",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22897",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2021-22898",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22923",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22923"
},
{
"cve": "CVE-2021-22924",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22925",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22925"
},
{
"cve": "CVE-2021-22926",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22926"
},
{
"cve": "CVE-2021-22945",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22947"
},
{
"cve": "CVE-2021-23343",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23343"
},
{
"cve": "CVE-2021-23382",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23382"
},
{
"cve": "CVE-2021-27918",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-29060",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29060"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-29923",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29923"
},
{
"cve": "CVE-2021-31525",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-31566",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31566"
},
{
"cve": "CVE-2021-33194",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33194"
},
{
"cve": "CVE-2021-33195",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-3520",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-3572",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3572"
},
{
"cve": "CVE-2021-36221",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-36976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36976"
},
{
"cve": "CVE-2021-3803",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3803"
},
{
"cve": "CVE-2021-38297",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38297"
},
{
"cve": "CVE-2021-38561",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-39293",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-39293"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41771",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41771"
},
{
"cve": "CVE-2021-41772",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41772"
},
{
"cve": "CVE-2021-43565",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2021-44716",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-1705",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1705"
},
{
"cve": "CVE-2022-1941",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1941"
},
{
"cve": "CVE-2022-1962",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-22576",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-2309",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2309"
},
{
"cve": "CVE-2022-23491",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23491"
},
{
"cve": "CVE-2022-23772",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24675",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24921",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24921"
},
{
"cve": "CVE-2022-24999",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24999"
},
{
"cve": "CVE-2022-25881",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-25881"
},
{
"cve": "CVE-2022-27191",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-27536",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27536"
},
{
"cve": "CVE-2022-27664",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-27774",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-27775",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27776",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27778",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27780",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-28131",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-28327",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-2879",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2879"
},
{
"cve": "CVE-2022-2880",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2880"
},
{
"cve": "CVE-2022-29526",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2022-29804",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29804"
},
{
"cve": "CVE-2022-30115",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-30580",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30580"
},
{
"cve": "CVE-2022-30629",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30629"
},
{
"cve": "CVE-2022-30630",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30630"
},
{
"cve": "CVE-2022-30631",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30631"
},
{
"cve": "CVE-2022-30632",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30632"
},
{
"cve": "CVE-2022-30633",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30634",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30634"
},
{
"cve": "CVE-2022-30635",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30635"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-32148",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32148"
},
{
"cve": "CVE-2022-32149",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32149"
},
{
"cve": "CVE-2022-32189",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32189"
},
{
"cve": "CVE-2022-32205",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-33987",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-3509",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3509"
},
{
"cve": "CVE-2022-3510",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3510"
},
{
"cve": "CVE-2022-3517",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3517"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-35260",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35737",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-36227",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-36227"
},
{
"cve": "CVE-2022-37599",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37599"
},
{
"cve": "CVE-2022-37601",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37601"
},
{
"cve": "CVE-2022-37603",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37603"
},
{
"cve": "CVE-2022-38900",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2022-40023",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40023"
},
{
"cve": "CVE-2022-40897",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2022-40899",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40899"
},
{
"cve": "CVE-2022-41715",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41715"
},
{
"cve": "CVE-2022-41716",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41720",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41720"
},
{
"cve": "CVE-2022-41722",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41722"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-46175",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-46175"
},
{
"cve": "CVE-2023-23914",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-23915",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23916",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-24539",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24539"
},
{
"cve": "CVE-2023-24540",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24540"
},
{
"cve": "CVE-2023-27533",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-27534",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27535",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27536",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27537",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27537"
},
{
"cve": "CVE-2023-27538",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27538"
},
{
"cve": "CVE-2023-29400",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29400"
},
{
"cve": "CVE-2023-29402",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29402"
},
{
"cve": "CVE-2023-29403",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29403"
},
{
"cve": "CVE-2023-29404",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29404"
},
{
"cve": "CVE-2023-29405",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29405"
},
{
"cve": "CVE-2023-40592",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40592"
},
{
"cve": "CVE-2023-40593",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40593"
},
{
"cve": "CVE-2023-40594",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40594"
},
{
"cve": "CVE-2023-40595",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40595"
},
{
"cve": "CVE-2023-40596",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40596"
},
{
"cve": "CVE-2023-40597",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40597"
},
{
"cve": "CVE-2023-40598",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40598"
}
]
}
SUSE-SU-2022:1729-1
Vulnerability from csaf_suse - Published: 2022-05-18 14:55 - Updated: 2022-05-18 14:55Summary
Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud
Notes
Title of the patch
Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud
Description of the patch
This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:
Security fixes included on the update:
ardana-barbican:
- Update policies to protect container secret access (SOC-11621)
- Update policies to protect secret metadata access (SOC-11620)
openstack-neutron:
- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).
rubygem-sinatra:
- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).
python-XStatic-jquery-ui:
- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)
- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)
- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)
python-lxml:
- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).
- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).
- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).
- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).
openstack-barbican:
- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).
- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project's containers (bsc#1194954).
grafana:
- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).
openstack-keystone:
- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).
Non-security fixes included on the update:
Changes in ardana-barbican:
- Update to version 9.0+git.1644879908.8a641c1:
* Update policies to protect container secret access (SOC-11621)
- Update to version 9.0+git.1643052417.9a3348e:
* update policies to protect secret metadata access (SOC-11620)
Changes in grafana:
- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)
* directory traversal vulnerability for .md files
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache
Changes in openstack-barbican:
- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch
and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix
the legacy policy rules for adding a secret to a container and removing
a secret from a container. bsc#1194954,CVE-2022-23452
- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the
legacy policy rules for accessing secret metadata by checking that
the user making the request is authenticated for the project that
owns the secret. bsc#1194952,CVE-2022-23451
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-14.0.1.dev4:
* Add support for yoga
- Update to version group-based-policy-automation-14.0.1.dev3:
* Python2/3 compatibility fixes
- Update to version group-based-policy-automation-14.0.1.dev2:
* Add support for xena
- Update to version group-based-policy-automation-14.0.1.dev1:
* Remove py27 from gate jobs
14.0.0
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev3:
* Add support for yoga
- Update to version group-based-policy-ui-14.0.1.dev2:
* Python2/3 compatibility changes
- Update to version group-based-policy-ui-14.0.1.dev1:
* Add support for xena
14.0.0
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-keystone:
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-keystone:
- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix
the problem where AccountLocked exception discloses sensitive information.
bsc#1189390,CVE-2021-38155
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev33:
* Populate network mtu for erspan
- Update to version group-based-policy-14.0.1.dev32:
* ERSPAN config error when Openstack port is created in a different project than network it belongs to
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev31:
* Python2/3 compatibility fixes
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev29:
* Fix oslo\_i18n usage
- Update to version group-based-policy-14.0.1.dev27:
* Update mechanism\_driver cache
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev26:
* Add support for xena
- Update to version group-based-policy-14.0.1.dev24:
* update\_floatingip\_status\_while\_deleting\_the\_vm
- Update to version group-based-policy-14.0.1.dev22:
* Updating host id by appending pid in existing host id
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev20:
* Revert 'Add workaround to get\_subnets'
Changes in python-lxml:
- Fix bsc#1179534 (CVE-2020-27783)
mXSS due to the use of improper parser
Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch
- Fix bsc#1118088 (CVE-2018-19787)
lxml/html/clean.py in the lxml.html.clean module does not remove
javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks
Patch file: 0001-CVE-2018-19787.patch
- Fix bsc#1184177 (CVE-2021-28957)
missing input sanitization for formaction HTML5 attributes may lead to XSS
Patch file: 0001-CVE-2021-28957.patch
- Fix bsc#1193752 (CVE-2021-43818)
Cleaner: Remove SVG image data URLs since they can embed script content.
Reported as GHSL-2021-1037 and GHSL-2021-1038
Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch
Changes in openstack-neutron-doc:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Remove cve-2021-40085-stable-rocky.patch (merged upstream)
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085)
* Remove dhcp_extra_opt value after first newline character
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in python-Pillow:
- Add 030-CVE-2022-22817.patch
* From upstream, backported
* Fixes CVE-2022-22817, bsc#1194521
* test from upstream updated for python2
- Add 028-CVE-2022-22815.patch
* From upstream, backported
* Fixes CVE-2022-22815, bsc#1194552
- Add 029-CVE-2022-22816.patch
* From upstream, backported
* Fixes CVE-2022-22816, bsc#1194551
Changes in python-XStatic-jquery-ui:
- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,
CVE-2021-41184, bsc#1192075, CVE-2021-41183)
* Fix XSS in the altField option of the Datepicker widget
(CVE-2021-41182)
* Fix XSS in *Text options of the Datepicker widget
(CVE-2021-41183)
* Fix XSS in the of option of the .position() util
(CVE-2021-41184)
* Drop support for Query 1.7
* Accordion: allow function parameter for selecting header
elements
* Datepicker: add optional onUpdateDatepicker callback
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20220413:
* Update release notes to indicate support for SES7
- Update to version 9.20220112:
* Add reference to keystone bcrypt issue to known limitations (bsc#1186380)
Changes in rubygem-sinatra:
- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)
Patchnames
SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:\n\nSecurity fixes included on the update:\n\nardana-barbican:\n\n- Update policies to protect container secret access (SOC-11621)\n- Update policies to protect secret metadata access (SOC-11620)\n\nopenstack-neutron:\n\n- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).\n\nrubygem-sinatra:\n\n- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).\n\npython-XStatic-jquery-ui:\n\n- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)\n- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)\n- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)\n\npython-lxml:\n\n- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).\n- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).\n- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).\n- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).\n\nopenstack-barbican:\n\n- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).\n- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project\u0027s containers (bsc#1194954).\n\ngrafana:\n\n- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).\n\nopenstack-keystone:\n\n- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).\n\nNon-security fixes included on the update:\n\nChanges in ardana-barbican:\n- Update to version 9.0+git.1644879908.8a641c1:\n * Update policies to protect container secret access (SOC-11621)\n\n- Update to version 9.0+git.1643052417.9a3348e:\n * update policies to protect secret metadata access (SOC-11620)\n\nChanges in grafana:\n- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)\n * directory traversal vulnerability for .md files \n\n- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)\n * Fix Go net/http: limit growth of header canonicalization cache\n\nChanges in openstack-barbican:\n- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch\n and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix\n the legacy policy rules for adding a secret to a container and removing\n a secret from a container. bsc#1194954,CVE-2022-23452\n\n- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the\n legacy policy rules for accessing secret metadata by checking that\n the user making the request is authenticated for the project that\n owns the secret. bsc#1194952,CVE-2022-23451\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-heat-gbp:\n- Update to version group-based-policy-automation-14.0.1.dev4:\n * Add support for yoga\n\n- Update to version group-based-policy-automation-14.0.1.dev3:\n * Python2/3 compatibility fixes\n\n- Update to version group-based-policy-automation-14.0.1.dev2:\n * Add support for xena\n\n- Update to version group-based-policy-automation-14.0.1.dev1:\n * Remove py27 from gate jobs\n 14.0.0\n\nChanges in openstack-horizon-plugin-gbp-ui:\n- Update to version group-based-policy-ui-14.0.1.dev3:\n * Add support for yoga\n\n- Update to version group-based-policy-ui-14.0.1.dev2:\n * Python2/3 compatibility changes\n\n- Update to version group-based-policy-ui-14.0.1.dev1:\n * Add support for xena\n 14.0.0\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-keystone:\n- Update to version keystone-14.2.1.dev9:\n * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-keystone:\n- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix\n the problem where AccountLocked exception discloses sensitive information.\n bsc#1189390,CVE-2021-38155\n\n- Update to version keystone-14.2.1.dev9:\n * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-neutron-gbp:\n- Update to version group-based-policy-14.0.1.dev33:\n * Populate network mtu for erspan\n\n- Update to version group-based-policy-14.0.1.dev32:\n * ERSPAN config error when Openstack port is created in a different project than network it belongs to\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev31:\n * Python2/3 compatibility fixes\n 2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev29:\n * Fix oslo\\_i18n usage\n\n- Update to version group-based-policy-14.0.1.dev27:\n * Update mechanism\\_driver cache\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev26:\n * Add support for xena\n\n- Update to version group-based-policy-14.0.1.dev24:\n * update\\_floatingip\\_status\\_while\\_deleting\\_the\\_vm\n\n- Update to version group-based-policy-14.0.1.dev22:\n * Updating host id by appending pid in existing host id\n 2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev20:\n * Revert \u0027Add workaround to get\\_subnets\u0027\n\nChanges in python-lxml:\n- Fix bsc#1179534 (CVE-2020-27783)\n mXSS due to the use of improper parser \n Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch\n- Fix bsc#1118088 (CVE-2018-19787)\n lxml/html/clean.py in the lxml.html.clean module does not remove\n javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks\n Patch file: 0001-CVE-2018-19787.patch\n- Fix bsc#1184177 (CVE-2021-28957)\n missing input sanitization for formaction HTML5 attributes may lead to XSS\n Patch file: 0001-CVE-2021-28957.patch\n- Fix bsc#1193752 (CVE-2021-43818)\n Cleaner: Remove SVG image data URLs since they can embed script content.\n Reported as GHSL-2021-1037 and GHSL-2021-1038 \n Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch\n\nChanges in openstack-neutron-doc:\n- Update to version neutron-13.0.8.dev206:\n * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n * [Functional] Wait for the initial state of ha router before test\n * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n * [L3] Use processing queue for network update events\n * Add extra logs to the network update callback in L3 agent\n\n- Update to version neutron-13.0.8.dev192:\n * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Update to version neutron-13.0.8.dev188:\n * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n * [DVR] Send allowed address pairs info to the L3 agents\n * designate: allow PTR zone creation to fail\n * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n * Fix OVS conjunctive IP flows cleanup\n\nChanges in openstack-neutron:\n- Update to version neutron-13.0.8.dev206:\n * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n * [Functional] Wait for the initial state of ha router before test\n * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n * [L3] Use processing queue for network update events\n * Add extra logs to the network update callback in L3 agent\n\n- Remove cve-2021-40085-stable-rocky.patch (merged upstream)\n\n- Update to version neutron-13.0.8.dev192:\n * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085) \n * Remove dhcp_extra_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev188:\n * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n * [DVR] Send allowed address pairs info to the L3 agents\n * designate: allow PTR zone creation to fail\n * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n * Fix OVS conjunctive IP flows cleanup\n\nChanges in python-Pillow:\n- Add 030-CVE-2022-22817.patch\n * From upstream, backported\n * Fixes CVE-2022-22817, bsc#1194521 \n * test from upstream updated for python2\n\n- Add 028-CVE-2022-22815.patch\n * From upstream, backported\n * Fixes CVE-2022-22815, bsc#1194552\n- Add 029-CVE-2022-22816.patch\n * From upstream, backported\n * Fixes CVE-2022-22816, bsc#1194551\n\nChanges in python-XStatic-jquery-ui:\n- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,\n CVE-2021-41184, bsc#1192075, CVE-2021-41183)\n * Fix XSS in the altField option of the Datepicker widget \n (CVE-2021-41182)\n * Fix XSS in *Text options of the Datepicker widget\n (CVE-2021-41183)\n * Fix XSS in the of option of the .position() util\n (CVE-2021-41184)\n * Drop support for Query 1.7\n * Accordion: allow function parameter for selecting header\n elements\n * Datepicker: add optional onUpdateDatepicker callback\n\nChanges in release-notes-suse-openstack-cloud:\n- Update to version 9.20220413:\n * Update release notes to indicate support for SES7\n- Update to version 9.20220112:\n * Add reference to keystone bcrypt issue to known limitations (bsc#1186380)\n\nChanges in rubygem-sinatra:\n- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)\n\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1729-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1729-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221729-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1729-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011075.html"
},
{
"category": "self",
"summary": "SUSE Bug 1118088",
"url": "https://bugzilla.suse.com/1118088"
},
{
"category": "self",
"summary": "SUSE Bug 1179534",
"url": "https://bugzilla.suse.com/1179534"
},
{
"category": "self",
"summary": "SUSE Bug 1184177",
"url": "https://bugzilla.suse.com/1184177"
},
{
"category": "self",
"summary": "SUSE Bug 1186380",
"url": "https://bugzilla.suse.com/1186380"
},
{
"category": "self",
"summary": "SUSE Bug 1189390",
"url": "https://bugzilla.suse.com/1189390"
},
{
"category": "self",
"summary": "SUSE Bug 1189794",
"url": "https://bugzilla.suse.com/1189794"
},
{
"category": "self",
"summary": "SUSE Bug 1192070",
"url": "https://bugzilla.suse.com/1192070"
},
{
"category": "self",
"summary": "SUSE Bug 1192073",
"url": "https://bugzilla.suse.com/1192073"
},
{
"category": "self",
"summary": "SUSE Bug 1192075",
"url": "https://bugzilla.suse.com/1192075"
},
{
"category": "self",
"summary": "SUSE Bug 1193597",
"url": "https://bugzilla.suse.com/1193597"
},
{
"category": "self",
"summary": "SUSE Bug 1193688",
"url": "https://bugzilla.suse.com/1193688"
},
{
"category": "self",
"summary": "SUSE Bug 1193752",
"url": "https://bugzilla.suse.com/1193752"
},
{
"category": "self",
"summary": "SUSE Bug 1194521",
"url": "https://bugzilla.suse.com/1194521"
},
{
"category": "self",
"summary": "SUSE Bug 1194551",
"url": "https://bugzilla.suse.com/1194551"
},
{
"category": "self",
"summary": "SUSE Bug 1194552",
"url": "https://bugzilla.suse.com/1194552"
},
{
"category": "self",
"summary": "SUSE Bug 1194952",
"url": "https://bugzilla.suse.com/1194952"
},
{
"category": "self",
"summary": "SUSE Bug 1194954",
"url": "https://bugzilla.suse.com/1194954"
},
{
"category": "self",
"summary": "SUSE Bug 1199138",
"url": "https://bugzilla.suse.com/1199138"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19787 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27783 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28957 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41182 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41183 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41184 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43813 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43818 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44716 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22815 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22817 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23451 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23452 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29970/"
}
],
"title": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
"tracking": {
"current_release_date": "2022-05-18T14:55:52Z",
"generator": {
"date": "2022-05-18T14:55:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1729-1",
"initial_release_date": "2022-05-18T14:55:52Z",
"revision_history": [
{
"date": "2022-05-18T14:55:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.aarch64",
"product": {
"name": "grafana-6.7.4-3.26.1.aarch64",
"product_id": "grafana-6.7.4-3.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.aarch64",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.aarch64",
"product_id": "python-Pillow-5.2.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.aarch64",
"product": {
"name": "python-lxml-4.2.4-3.3.1.aarch64",
"product_id": "python-lxml-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
"product_id": "python-lxml-devel-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.aarch64",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.aarch64",
"product_id": "python3-Pillow-5.2.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.aarch64",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.aarch64",
"product_id": "python3-lxml-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"product": {
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"product_id": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product_id": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
"product_id": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"product_id": "openstack-keystone-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
"product_id": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product_id": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
"product_id": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product_id": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"product_id": "python-barbican-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"product_id": "python-cinder-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product_id": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product_id": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"product_id": "python-ironic-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"product_id": "python-keystone-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "python-lxml-doc-4.2.4-3.3.1.noarch",
"product": {
"name": "python-lxml-doc-4.2.4-3.3.1.noarch",
"product_id": "python-lxml-doc-4.2.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"product_id": "python-neutron-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product_id": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product": {
"name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product_id": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
"product": {
"name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
"product_id": "python3-lxml-doc-4.2.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"product": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"product_id": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"product": {
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"product_id": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"product": {
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"product_id": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"product": {
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"product_id": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"product": {
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"product_id": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"product": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"product_id": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"product": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"product_id": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"product": {
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"product_id": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"product": {
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"product_id": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"product": {
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"product_id": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"product": {
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"product_id": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"product": {
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"product_id": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"product": {
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"product_id": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"product": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"product_id": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"product": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"product_id": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"product": {
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"product_id": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"product": {
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"product_id": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"product": {
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"product_id": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.ppc64le",
"product": {
"name": "grafana-6.7.4-3.26.1.ppc64le",
"product_id": "grafana-6.7.4-3.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.ppc64le",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.ppc64le",
"product_id": "python-Pillow-5.2.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python-lxml-4.2.4-3.3.1.ppc64le",
"product_id": "python-lxml-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
"product_id": "python-lxml-devel-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
"product_id": "python3-Pillow-5.2.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.ppc64le",
"product_id": "python3-lxml-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.s390x",
"product": {
"name": "grafana-6.7.4-3.26.1.s390x",
"product_id": "grafana-6.7.4-3.26.1.s390x"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.s390x",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.s390x",
"product_id": "python-Pillow-5.2.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.s390x",
"product": {
"name": "python-lxml-4.2.4-3.3.1.s390x",
"product_id": "python-lxml-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.s390x",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.s390x",
"product_id": "python-lxml-devel-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.s390x",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.s390x",
"product_id": "python3-Pillow-5.2.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.s390x",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.s390x",
"product_id": "python3-lxml-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.x86_64",
"product": {
"name": "grafana-6.7.4-3.26.1.x86_64",
"product_id": "grafana-6.7.4-3.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.x86_64",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64",
"product_id": "python-Pillow-5.2.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.x86_64",
"product": {
"name": "python-lxml-4.2.4-3.3.1.x86_64",
"product_id": "python-lxml-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
"product_id": "python-lxml-devel-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.x86_64",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.x86_64",
"product_id": "python3-Pillow-5.2.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.x86_64",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.x86_64",
"product_id": "python3-lxml-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
},
"product_reference": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.26.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
},
"product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64"
},
"product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
},
"product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
},
"product_reference": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
},
"product_reference": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
},
"product_reference": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
},
"product_reference": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
},
"product_reference": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
},
"product_reference": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
},
"product_reference": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
},
"product_reference": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
},
"product_reference": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
},
"product_reference": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
},
"product_reference": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
},
"product_reference": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
},
"product_reference": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
},
"product_reference": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
},
"product_reference": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
},
"product_reference": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.26.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
},
"product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64"
},
"product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
},
"product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19787"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19787",
"url": "https://www.suse.com/security/cve/CVE-2018-19787"
},
{
"category": "external",
"summary": "SUSE Bug 1118088 for CVE-2018-19787",
"url": "https://bugzilla.suse.com/1118088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2018-19787"
},
{
"cve": "CVE-2020-27783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27783"
}
],
"notes": [
{
"category": "general",
"text": "A XSS vulnerability was discovered in python-lxml\u0027s clean module. The module\u0027s parser didn\u0027t properly imitate browsers, which caused different behaviors between the sanitizer and the user\u0027s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27783",
"url": "https://www.suse.com/security/cve/CVE-2020-27783"
},
{
"category": "external",
"summary": "SUSE Bug 1179534 for CVE-2020-27783",
"url": "https://bugzilla.suse.com/1179534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2020-27783"
},
{
"cve": "CVE-2021-28957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28957"
}
],
"notes": [
{
"category": "general",
"text": "An XSS vulnerability was discovered in python-lxml\u0027s clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28957",
"url": "https://www.suse.com/security/cve/CVE-2021-28957"
},
{
"category": "external",
"summary": "SUSE Bug 1184177 for CVE-2021-28957",
"url": "https://bugzilla.suse.com/1184177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-28957"
},
{
"cve": "CVE-2021-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38155"
}
],
"notes": [
{
"category": "general",
"text": "OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account\u0027s corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38155",
"url": "https://www.suse.com/security/cve/CVE-2021-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1189390 for CVE-2021-38155",
"url": "https://bugzilla.suse.com/1189390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-38155"
},
{
"cve": "CVE-2021-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40085"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40085",
"url": "https://www.suse.com/security/cve/CVE-2021-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1189794 for CVE-2021-40085",
"url": "https://bugzilla.suse.com/1189794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-40085"
},
{
"cve": "CVE-2021-41182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41182"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41182",
"url": "https://www.suse.com/security/cve/CVE-2021-41182"
},
{
"category": "external",
"summary": "SUSE Bug 1192070 for CVE-2021-41182",
"url": "https://bugzilla.suse.com/1192070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41183"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41183",
"url": "https://www.suse.com/security/cve/CVE-2021-41183"
},
{
"category": "external",
"summary": "SUSE Bug 1192075 for CVE-2021-41183",
"url": "https://bugzilla.suse.com/1192075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41184"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41184",
"url": "https://www.suse.com/security/cve/CVE-2021-41184"
},
{
"category": "external",
"summary": "SUSE Bug 1192073 for CVE-2021-41184",
"url": "https://bugzilla.suse.com/1192073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-43813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43813"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43813",
"url": "https://www.suse.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193686"
},
{
"category": "external",
"summary": "SUSE Bug 1193688 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-43813"
},
{
"cve": "CVE-2021-43818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43818"
}
],
"notes": [
{
"category": "general",
"text": "lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43818",
"url": "https://www.suse.com/security/cve/CVE-2021-43818"
},
{
"category": "external",
"summary": "SUSE Bug 1193752 for CVE-2021-43818",
"url": "https://bugzilla.suse.com/1193752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-43818"
},
{
"cve": "CVE-2021-44716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44716"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://www.suse.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "SUSE Bug 1193597 for CVE-2021-44716",
"url": "https://bugzilla.suse.com/1193597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2022-22815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22815"
}
],
"notes": [
{
"category": "general",
"text": "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22815",
"url": "https://www.suse.com/security/cve/CVE-2022-22815"
},
{
"category": "external",
"summary": "SUSE Bug 1194552 for CVE-2022-22815",
"url": "https://bugzilla.suse.com/1194552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "low"
}
],
"title": "CVE-2022-22815"
},
{
"cve": "CVE-2022-22816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22816"
}
],
"notes": [
{
"category": "general",
"text": "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22816",
"url": "https://www.suse.com/security/cve/CVE-2022-22816"
},
{
"category": "external",
"summary": "SUSE Bug 1194551 for CVE-2022-22816",
"url": "https://bugzilla.suse.com/1194551"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "low"
}
],
"title": "CVE-2022-22816"
},
{
"cve": "CVE-2022-22817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22817"
}
],
"notes": [
{
"category": "general",
"text": "PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22817",
"url": "https://www.suse.com/security/cve/CVE-2022-22817"
},
{
"category": "external",
"summary": "SUSE Bug 1194521 for CVE-2022-22817",
"url": "https://bugzilla.suse.com/1194521"
},
{
"category": "external",
"summary": "SUSE Bug 1219048 for CVE-2022-22817",
"url": "https://bugzilla.suse.com/1219048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-22817"
},
{
"cve": "CVE-2022-23451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23451"
}
],
"notes": [
{
"category": "general",
"text": "An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23451",
"url": "https://www.suse.com/security/cve/CVE-2022-23451"
},
{
"category": "external",
"summary": "SUSE Bug 1194952 for CVE-2022-23451",
"url": "https://bugzilla.suse.com/1194952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-23451"
},
{
"cve": "CVE-2022-23452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23452"
}
],
"notes": [
{
"category": "general",
"text": "An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23452",
"url": "https://www.suse.com/security/cve/CVE-2022-23452"
},
{
"category": "external",
"summary": "SUSE Bug 1194954 for CVE-2022-23452",
"url": "https://bugzilla.suse.com/1194954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-23452"
},
{
"cve": "CVE-2022-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29970"
}
],
"notes": [
{
"category": "general",
"text": "Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29970",
"url": "https://www.suse.com/security/cve/CVE-2022-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1199138 for CVE-2022-29970",
"url": "https://bugzilla.suse.com/1199138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2022-29970"
}
]
}
GHSA-9GJ3-HWP5-PMWC
Vulnerability from github – Published: 2021-10-26 14:55 – Updated: 2021-10-27 17:00
VLAI?
Summary
XSS in the `altField` option of the Datepicker widget in jquery-ui
Details
Impact
Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.
Patches
The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.
Workarounds
A workaround is to not accept the value of the altField option from untrusted sources.
For more information
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.
Severity ?
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jQuery.UI.Combined"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-ui-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41182"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-25T22:06:41Z",
"nvd_published_at": "2021-10-26T15:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAccepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:\n```js\n$( \"#datepicker\" ).datepicker( {\n\taltField: \"\u003cimg onerror=\u0027doEvilThing()\u0027 src=\u0027/404\u0027 /\u003e\",\n} );\n```\nwill call the `doEvilThing` function.\n\n### Patches\nThe issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector.\n\n### Workarounds\nA workaround is to not accept the value of the `altField` option from untrusted sources.\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery UI repo](https://github.com/jquery/jquery-ui/issues). If you don\u0027t find an answer, open a new issue.",
"id": "GHSA-9gj3-hwp5-pmwc",
"modified": "2021-10-27T17:00:10Z",
"published": "2021-10-26T14:55:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211118-0004"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2021-41182.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery-ui"
},
{
"type": "WEB",
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "XSS in the `altField` option of the Datepicker widget in jquery-ui"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…