Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-29921 (GCVE-0-2021-29921)
Vulnerability from cvelistv5 – Published: 2021-05-06 00:00 – Updated: 2025-11-03 21:44
VLAI
EPSS
Summary
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
17 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:44:43.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sickcodes"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.python.org/3/library/ipaddress.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://sick.codes/sick-2021-014"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue36384"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/12577"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/25099"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210622-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sickcodes"
},
{
"url": "https://docs.python.org/3/library/ipaddress.html"
},
{
"url": "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst"
},
{
"url": "https://sick.codes/sick-2021-014"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md"
},
{
"url": "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html"
},
{
"url": "https://bugs.python.org/issue36384"
},
{
"url": "https://github.com/python/cpython/pull/12577"
},
{
"url": "https://github.com/python/cpython/pull/25099"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210622-0003/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29921",
"datePublished": "2021-05-06T00:00:00.000Z",
"dateReserved": "2021-04-01T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:44:43.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-29921",
"date": "2026-06-30",
"epss": "0.06827",
"percentile": "0.93213"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29921\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-06T13:15:12.573\",\"lastModified\":\"2025-11-03T22:15:48.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.\"},{\"lang\":\"es\",\"value\":\"En Python antes de la versiones 3,9,5, la biblioteca ipaddress maneja mal los caracteres cero iniciales en los octetos de una cadena de direcciones IP. Esto (en algunas situaciones) permite a los atacantes eludir el control de acceso que se basa en las direcciones IP\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8.0\",\"versionEndExcluding\":\"3.8.12\",\"matchCriteriaId\":\"AECFC6AC-5ECE-45F8-97F2-6D8D33C49F80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.9.0\",\"versionEndExcluding\":\"3.9.5\",\"matchCriteriaId\":\"91FD0AF9-B011-4238-8CF1-BDEA0399AF82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98FB24DB-AF91-48D0-9CA5-C8250D183FD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10323322-F6C0-4EA7-9344-736F7A80AA5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA09838-BF13-46AC-BB97-A69F48B73A8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C21EB1C3-3251-4B99-9D5F-E4E089E2EC62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.1.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"CA0CBB5F-6CA5-4DFC-97A3-05643F8885DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}],\"references\":[{\"url\":\"https://bugs.python.org/issue36384\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://docs.python.org/3/library/ipaddress.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/python/cpython/pull/12577\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/python/cpython/pull/25099\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sickcodes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-02\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210622-0003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sick.codes/sick-2021-014\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.python.org/issue36384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://docs.python.org/3/library/ipaddress.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/python/cpython/pull/12577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/python/cpython/pull/25099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sickcodes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210622-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sick.codes/sick-2021-014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2021:2940-1
Vulnerability from csaf_suse - Published: 2021-09-03 07:22 - Updated: 2021-09-03 07:22Summary
Security update for python39
Severity
Important
Notes
Title of the patch: Security update for python39
Description of the patch: This update for python39 fixes the following issues:
- CVE-2021-29921: Fixed improper input validation of octal string IP addresses (bsc#1185706).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol (bsc#1185588), which means python2 currently.
Patchnames: SUSE-2021-2940,SUSE-SLE-Module-Basesystem-15-SP3-2021-2940,SUSE-SLE-Module-Development-Tools-15-SP3-2021-2940
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python39",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python39 fixes the following issues:\n\n- CVE-2021-29921: Fixed improper input validation of octal string IP addresses (bsc#1185706).\n- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).\n- Stop providing \u0027python\u0027 symbol (bsc#1185588), which means python2 currently.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-2940,SUSE-SLE-Module-Basesystem-15-SP3-2021-2940,SUSE-SLE-Module-Development-Tools-15-SP3-2021-2940",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2940-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:2940-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212940-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:2940-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009402.html"
},
{
"category": "self",
"summary": "SUSE Bug 1183858",
"url": "https://bugzilla.suse.com/1183858"
},
{
"category": "self",
"summary": "SUSE Bug 1185588",
"url": "https://bugzilla.suse.com/1185588"
},
{
"category": "self",
"summary": "SUSE Bug 1185706",
"url": "https://bugzilla.suse.com/1185706"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29921 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29921/"
}
],
"title": "Security update for python39",
"tracking": {
"current_release_date": "2021-09-03T07:22:28Z",
"generator": {
"date": "2021-09-03T07:22:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:2940-1",
"initial_release_date": "2021-09-03T07:22:28Z",
"revision_history": [
{
"date": "2021-09-03T07:22:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.6-4.3.3.aarch64",
"product": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.aarch64",
"product_id": "libpython3_9-1_0-3.9.6-4.3.3.aarch64"
}
},
{
"category": "product_version",
"name": "python39-3.9.6-4.3.4.aarch64",
"product": {
"name": "python39-3.9.6-4.3.4.aarch64",
"product_id": "python39-3.9.6-4.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.6-4.3.3.aarch64",
"product": {
"name": "python39-base-3.9.6-4.3.3.aarch64",
"product_id": "python39-base-3.9.6-4.3.3.aarch64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.6-4.3.4.aarch64",
"product": {
"name": "python39-curses-3.9.6-4.3.4.aarch64",
"product_id": "python39-curses-3.9.6-4.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.6-4.3.4.aarch64",
"product": {
"name": "python39-dbm-3.9.6-4.3.4.aarch64",
"product_id": "python39-dbm-3.9.6-4.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.6-4.3.3.aarch64",
"product": {
"name": "python39-devel-3.9.6-4.3.3.aarch64",
"product_id": "python39-devel-3.9.6-4.3.3.aarch64"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.6-4.3.1.aarch64",
"product": {
"name": "python39-doc-3.9.6-4.3.1.aarch64",
"product_id": "python39-doc-3.9.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.6-4.3.1.aarch64",
"product": {
"name": "python39-doc-devhelp-3.9.6-4.3.1.aarch64",
"product_id": "python39-doc-devhelp-3.9.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.6-4.3.4.aarch64",
"product": {
"name": "python39-idle-3.9.6-4.3.4.aarch64",
"product_id": "python39-idle-3.9.6-4.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.6-4.3.3.aarch64",
"product": {
"name": "python39-testsuite-3.9.6-4.3.3.aarch64",
"product_id": "python39-testsuite-3.9.6-4.3.3.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.6-4.3.4.aarch64",
"product": {
"name": "python39-tk-3.9.6-4.3.4.aarch64",
"product_id": "python39-tk-3.9.6-4.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.6-4.3.3.aarch64",
"product": {
"name": "python39-tools-3.9.6-4.3.3.aarch64",
"product_id": "python39-tools-3.9.6-4.3.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-64bit-3.9.6-4.3.3.aarch64_ilp32",
"product": {
"name": "libpython3_9-1_0-64bit-3.9.6-4.3.3.aarch64_ilp32",
"product_id": "libpython3_9-1_0-64bit-3.9.6-4.3.3.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python39-64bit-3.9.6-4.3.4.aarch64_ilp32",
"product": {
"name": "python39-64bit-3.9.6-4.3.4.aarch64_ilp32",
"product_id": "python39-64bit-3.9.6-4.3.4.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python39-base-64bit-3.9.6-4.3.3.aarch64_ilp32",
"product": {
"name": "python39-base-64bit-3.9.6-4.3.3.aarch64_ilp32",
"product_id": "python39-base-64bit-3.9.6-4.3.3.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.6-4.3.3.i586",
"product": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.i586",
"product_id": "libpython3_9-1_0-3.9.6-4.3.3.i586"
}
},
{
"category": "product_version",
"name": "python39-3.9.6-4.3.4.i586",
"product": {
"name": "python39-3.9.6-4.3.4.i586",
"product_id": "python39-3.9.6-4.3.4.i586"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.6-4.3.3.i586",
"product": {
"name": "python39-base-3.9.6-4.3.3.i586",
"product_id": "python39-base-3.9.6-4.3.3.i586"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.6-4.3.4.i586",
"product": {
"name": "python39-curses-3.9.6-4.3.4.i586",
"product_id": "python39-curses-3.9.6-4.3.4.i586"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.6-4.3.4.i586",
"product": {
"name": "python39-dbm-3.9.6-4.3.4.i586",
"product_id": "python39-dbm-3.9.6-4.3.4.i586"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.6-4.3.3.i586",
"product": {
"name": "python39-devel-3.9.6-4.3.3.i586",
"product_id": "python39-devel-3.9.6-4.3.3.i586"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.6-4.3.1.i586",
"product": {
"name": "python39-doc-3.9.6-4.3.1.i586",
"product_id": "python39-doc-3.9.6-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.6-4.3.1.i586",
"product": {
"name": "python39-doc-devhelp-3.9.6-4.3.1.i586",
"product_id": "python39-doc-devhelp-3.9.6-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.6-4.3.4.i586",
"product": {
"name": "python39-idle-3.9.6-4.3.4.i586",
"product_id": "python39-idle-3.9.6-4.3.4.i586"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.6-4.3.3.i586",
"product": {
"name": "python39-testsuite-3.9.6-4.3.3.i586",
"product_id": "python39-testsuite-3.9.6-4.3.3.i586"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.6-4.3.4.i586",
"product": {
"name": "python39-tk-3.9.6-4.3.4.i586",
"product_id": "python39-tk-3.9.6-4.3.4.i586"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.6-4.3.3.i586",
"product": {
"name": "python39-tools-3.9.6-4.3.3.i586",
"product_id": "python39-tools-3.9.6-4.3.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.6-4.3.3.ppc64le",
"product": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.ppc64le",
"product_id": "libpython3_9-1_0-3.9.6-4.3.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-3.9.6-4.3.4.ppc64le",
"product": {
"name": "python39-3.9.6-4.3.4.ppc64le",
"product_id": "python39-3.9.6-4.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.6-4.3.3.ppc64le",
"product": {
"name": "python39-base-3.9.6-4.3.3.ppc64le",
"product_id": "python39-base-3.9.6-4.3.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.6-4.3.4.ppc64le",
"product": {
"name": "python39-curses-3.9.6-4.3.4.ppc64le",
"product_id": "python39-curses-3.9.6-4.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.6-4.3.4.ppc64le",
"product": {
"name": "python39-dbm-3.9.6-4.3.4.ppc64le",
"product_id": "python39-dbm-3.9.6-4.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.6-4.3.3.ppc64le",
"product": {
"name": "python39-devel-3.9.6-4.3.3.ppc64le",
"product_id": "python39-devel-3.9.6-4.3.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.6-4.3.1.ppc64le",
"product": {
"name": "python39-doc-3.9.6-4.3.1.ppc64le",
"product_id": "python39-doc-3.9.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.6-4.3.1.ppc64le",
"product": {
"name": "python39-doc-devhelp-3.9.6-4.3.1.ppc64le",
"product_id": "python39-doc-devhelp-3.9.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.6-4.3.4.ppc64le",
"product": {
"name": "python39-idle-3.9.6-4.3.4.ppc64le",
"product_id": "python39-idle-3.9.6-4.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.6-4.3.3.ppc64le",
"product": {
"name": "python39-testsuite-3.9.6-4.3.3.ppc64le",
"product_id": "python39-testsuite-3.9.6-4.3.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.6-4.3.4.ppc64le",
"product": {
"name": "python39-tk-3.9.6-4.3.4.ppc64le",
"product_id": "python39-tk-3.9.6-4.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.6-4.3.3.ppc64le",
"product": {
"name": "python39-tools-3.9.6-4.3.3.ppc64le",
"product_id": "python39-tools-3.9.6-4.3.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.6-4.3.3.s390x",
"product": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.s390x",
"product_id": "libpython3_9-1_0-3.9.6-4.3.3.s390x"
}
},
{
"category": "product_version",
"name": "python39-3.9.6-4.3.4.s390x",
"product": {
"name": "python39-3.9.6-4.3.4.s390x",
"product_id": "python39-3.9.6-4.3.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.6-4.3.3.s390x",
"product": {
"name": "python39-base-3.9.6-4.3.3.s390x",
"product_id": "python39-base-3.9.6-4.3.3.s390x"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.6-4.3.4.s390x",
"product": {
"name": "python39-curses-3.9.6-4.3.4.s390x",
"product_id": "python39-curses-3.9.6-4.3.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.6-4.3.4.s390x",
"product": {
"name": "python39-dbm-3.9.6-4.3.4.s390x",
"product_id": "python39-dbm-3.9.6-4.3.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.6-4.3.3.s390x",
"product": {
"name": "python39-devel-3.9.6-4.3.3.s390x",
"product_id": "python39-devel-3.9.6-4.3.3.s390x"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.6-4.3.1.s390x",
"product": {
"name": "python39-doc-3.9.6-4.3.1.s390x",
"product_id": "python39-doc-3.9.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.6-4.3.1.s390x",
"product": {
"name": "python39-doc-devhelp-3.9.6-4.3.1.s390x",
"product_id": "python39-doc-devhelp-3.9.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.6-4.3.4.s390x",
"product": {
"name": "python39-idle-3.9.6-4.3.4.s390x",
"product_id": "python39-idle-3.9.6-4.3.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.6-4.3.3.s390x",
"product": {
"name": "python39-testsuite-3.9.6-4.3.3.s390x",
"product_id": "python39-testsuite-3.9.6-4.3.3.s390x"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.6-4.3.4.s390x",
"product": {
"name": "python39-tk-3.9.6-4.3.4.s390x",
"product_id": "python39-tk-3.9.6-4.3.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.6-4.3.3.s390x",
"product": {
"name": "python39-tools-3.9.6-4.3.3.s390x",
"product_id": "python39-tools-3.9.6-4.3.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.6-4.3.3.x86_64",
"product": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.x86_64",
"product_id": "libpython3_9-1_0-3.9.6-4.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_9-1_0-32bit-3.9.6-4.3.3.x86_64",
"product": {
"name": "libpython3_9-1_0-32bit-3.9.6-4.3.3.x86_64",
"product_id": "libpython3_9-1_0-32bit-3.9.6-4.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "python39-3.9.6-4.3.4.x86_64",
"product": {
"name": "python39-3.9.6-4.3.4.x86_64",
"product_id": "python39-3.9.6-4.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-32bit-3.9.6-4.3.4.x86_64",
"product": {
"name": "python39-32bit-3.9.6-4.3.4.x86_64",
"product_id": "python39-32bit-3.9.6-4.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.6-4.3.3.x86_64",
"product": {
"name": "python39-base-3.9.6-4.3.3.x86_64",
"product_id": "python39-base-3.9.6-4.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "python39-base-32bit-3.9.6-4.3.3.x86_64",
"product": {
"name": "python39-base-32bit-3.9.6-4.3.3.x86_64",
"product_id": "python39-base-32bit-3.9.6-4.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.6-4.3.4.x86_64",
"product": {
"name": "python39-curses-3.9.6-4.3.4.x86_64",
"product_id": "python39-curses-3.9.6-4.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.6-4.3.4.x86_64",
"product": {
"name": "python39-dbm-3.9.6-4.3.4.x86_64",
"product_id": "python39-dbm-3.9.6-4.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.6-4.3.3.x86_64",
"product": {
"name": "python39-devel-3.9.6-4.3.3.x86_64",
"product_id": "python39-devel-3.9.6-4.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.6-4.3.1.x86_64",
"product": {
"name": "python39-doc-3.9.6-4.3.1.x86_64",
"product_id": "python39-doc-3.9.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.6-4.3.1.x86_64",
"product": {
"name": "python39-doc-devhelp-3.9.6-4.3.1.x86_64",
"product_id": "python39-doc-devhelp-3.9.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.6-4.3.4.x86_64",
"product": {
"name": "python39-idle-3.9.6-4.3.4.x86_64",
"product_id": "python39-idle-3.9.6-4.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.6-4.3.3.x86_64",
"product": {
"name": "python39-testsuite-3.9.6-4.3.3.x86_64",
"product_id": "python39-testsuite-3.9.6-4.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.6-4.3.4.x86_64",
"product": {
"name": "python39-tk-3.9.6-4.3.4.x86_64",
"product_id": "python39-tk-3.9.6-4.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.6-4.3.3.x86_64",
"product": {
"name": "python39-tools-3.9.6-4.3.3.x86_64",
"product_id": "python39-tools-3.9.6-4.3.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.aarch64"
},
"product_reference": "libpython3_9-1_0-3.9.6-4.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.ppc64le"
},
"product_reference": "libpython3_9-1_0-3.9.6-4.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.s390x"
},
"product_reference": "libpython3_9-1_0-3.9.6-4.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.6-4.3.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.x86_64"
},
"product_reference": "libpython3_9-1_0-3.9.6-4.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.6-4.3.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.aarch64"
},
"product_reference": "python39-3.9.6-4.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.6-4.3.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.ppc64le"
},
"product_reference": "python39-3.9.6-4.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.6-4.3.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.s390x"
},
"product_reference": "python39-3.9.6-4.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.6-4.3.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.x86_64"
},
"product_reference": "python39-3.9.6-4.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.6-4.3.3.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.aarch64"
},
"product_reference": "python39-base-3.9.6-4.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.6-4.3.3.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.ppc64le"
},
"product_reference": "python39-base-3.9.6-4.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.6-4.3.3.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.s390x"
},
"product_reference": "python39-base-3.9.6-4.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.6-4.3.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.x86_64"
},
"product_reference": "python39-base-3.9.6-4.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.6-4.3.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.aarch64"
},
"product_reference": "python39-curses-3.9.6-4.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.6-4.3.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.ppc64le"
},
"product_reference": "python39-curses-3.9.6-4.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.6-4.3.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.s390x"
},
"product_reference": "python39-curses-3.9.6-4.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.6-4.3.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.x86_64"
},
"product_reference": "python39-curses-3.9.6-4.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.6-4.3.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.aarch64"
},
"product_reference": "python39-dbm-3.9.6-4.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.6-4.3.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.ppc64le"
},
"product_reference": "python39-dbm-3.9.6-4.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.6-4.3.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.s390x"
},
"product_reference": "python39-dbm-3.9.6-4.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.6-4.3.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.x86_64"
},
"product_reference": "python39-dbm-3.9.6-4.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.6-4.3.3.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.aarch64"
},
"product_reference": "python39-devel-3.9.6-4.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.6-4.3.3.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.ppc64le"
},
"product_reference": "python39-devel-3.9.6-4.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.6-4.3.3.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.s390x"
},
"product_reference": "python39-devel-3.9.6-4.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.6-4.3.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.x86_64"
},
"product_reference": "python39-devel-3.9.6-4.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.6-4.3.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.aarch64"
},
"product_reference": "python39-idle-3.9.6-4.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.6-4.3.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.ppc64le"
},
"product_reference": "python39-idle-3.9.6-4.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.6-4.3.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.s390x"
},
"product_reference": "python39-idle-3.9.6-4.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.6-4.3.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.x86_64"
},
"product_reference": "python39-idle-3.9.6-4.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.6-4.3.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.aarch64"
},
"product_reference": "python39-tk-3.9.6-4.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.6-4.3.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.ppc64le"
},
"product_reference": "python39-tk-3.9.6-4.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.6-4.3.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.s390x"
},
"product_reference": "python39-tk-3.9.6-4.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.6-4.3.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.x86_64"
},
"product_reference": "python39-tk-3.9.6-4.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.6-4.3.3.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.aarch64"
},
"product_reference": "python39-tools-3.9.6-4.3.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.6-4.3.3.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.ppc64le"
},
"product_reference": "python39-tools-3.9.6-4.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.6-4.3.3.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.s390x"
},
"product_reference": "python39-tools-3.9.6-4.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.6-4.3.3.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.x86_64"
},
"product_reference": "python39-tools-3.9.6-4.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29921"
}
],
"notes": [
{
"category": "general",
"text": "In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29921",
"url": "https://www.suse.com/security/cve/CVE-2021-29921"
},
{
"category": "external",
"summary": "SUSE Bug 1185706 for CVE-2021-29921",
"url": "https://bugzilla.suse.com/1185706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libpython3_9-1_0-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-base-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-curses-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-dbm-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-devel-3.9.6-4.3.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-idle-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-tk-3.9.6-4.3.4.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:python39-tools-3.9.6-4.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-03T07:22:28Z",
"details": "important"
}
],
"title": "CVE-2021-29921"
}
]
}
WID-SEC-W-2022-0464
Vulnerability from csaf_certbund - Published: 2021-07-20 22:00 - Updated: 2025-04-29 22:00Summary
Oracle Java SE: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff: Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Hardware Appliance
- Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
IBM InfoSphere Information Server
IBM
|
cpe:/a:ibm:infosphere_information_server:-
|
— | |
|
Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2
|
Oracle Graal VM Enterprise Edition 20.3.2 | |
|
Oracle Java SE 8u291
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u291
|
8u291 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 7u301
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u301
|
7u301 | |
|
Trellix ePolicy Orchestrator <5.10 CU 11
Trellix / ePolicy Orchestrator
|
<5.10 CU 11 | ||
|
Oracle Java SE 16.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:16.0.1
|
16.0.1 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Broadcom Brocade SANnav <v2.2.0.2
Broadcom / Brocade SANnav
|
<v2.2.0.2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Java SE 21.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.1.0
|
21.1.0 | |
|
Oracle Java SE 11.0.11
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.11
|
11.0.11 | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— |
Affected products
Known affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
IBM InfoSphere Information Server
IBM
|
cpe:/a:ibm:infosphere_information_server:-
|
— | |
|
Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2
|
Oracle Graal VM Enterprise Edition 20.3.2 | |
|
Oracle Java SE 8u291
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u291
|
8u291 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 7u301
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u301
|
7u301 | |
|
Trellix ePolicy Orchestrator <5.10 CU 11
Trellix / ePolicy Orchestrator
|
<5.10 CU 11 | ||
|
Oracle Java SE 16.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:16.0.1
|
16.0.1 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Broadcom Brocade SANnav <v2.2.0.2
Broadcom / Brocade SANnav
|
<v2.2.0.2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Java SE 21.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.1.0
|
21.1.0 | |
|
Oracle Java SE 11.0.11
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.11
|
11.0.11 | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— |
Affected products
Known affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
IBM InfoSphere Information Server
IBM
|
cpe:/a:ibm:infosphere_information_server:-
|
— | |
|
Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2
|
Oracle Graal VM Enterprise Edition 20.3.2 | |
|
Oracle Java SE 8u291
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u291
|
8u291 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 7u301
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u301
|
7u301 | |
|
Trellix ePolicy Orchestrator <5.10 CU 11
Trellix / ePolicy Orchestrator
|
<5.10 CU 11 | ||
|
Oracle Java SE 16.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:16.0.1
|
16.0.1 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Broadcom Brocade SANnav <v2.2.0.2
Broadcom / Brocade SANnav
|
<v2.2.0.2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Java SE 21.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.1.0
|
21.1.0 | |
|
Oracle Java SE 11.0.11
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.11
|
11.0.11 | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— |
Affected products
Known affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
IBM InfoSphere Information Server
IBM
|
cpe:/a:ibm:infosphere_information_server:-
|
— | |
|
Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2
|
Oracle Graal VM Enterprise Edition 20.3.2 | |
|
Oracle Java SE 8u291
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u291
|
8u291 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 7u301
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u301
|
7u301 | |
|
Trellix ePolicy Orchestrator <5.10 CU 11
Trellix / ePolicy Orchestrator
|
<5.10 CU 11 | ||
|
Oracle Java SE 16.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:16.0.1
|
16.0.1 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Broadcom Brocade SANnav <v2.2.0.2
Broadcom / Brocade SANnav
|
<v2.2.0.2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Java SE 21.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.1.0
|
21.1.0 | |
|
Oracle Java SE 11.0.11
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.11
|
11.0.11 | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— |
Affected products
Known affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
IBM InfoSphere Information Server
IBM
|
cpe:/a:ibm:infosphere_information_server:-
|
— | |
|
Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2
|
Oracle Graal VM Enterprise Edition 20.3.2 | |
|
Oracle Java SE 8u291
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u291
|
8u291 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 7u301
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u301
|
7u301 | |
|
Trellix ePolicy Orchestrator <5.10 CU 11
Trellix / ePolicy Orchestrator
|
<5.10 CU 11 | ||
|
Oracle Java SE 16.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:16.0.1
|
16.0.1 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Broadcom Brocade SANnav <v2.2.0.2
Broadcom / Brocade SANnav
|
<v2.2.0.2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Java SE 21.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.1.0
|
21.1.0 | |
|
Oracle Java SE 11.0.11
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.11
|
11.0.11 | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— |
Affected products
Known affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
IBM InfoSphere Information Server
IBM
|
cpe:/a:ibm:infosphere_information_server:-
|
— | |
|
Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2
|
Oracle Graal VM Enterprise Edition 20.3.2 | |
|
Oracle Java SE 8u291
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u291
|
8u291 | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
Oracle Java SE 7u301
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u301
|
7u301 | |
|
Trellix ePolicy Orchestrator <5.10 CU 11
Trellix / ePolicy Orchestrator
|
<5.10 CU 11 | ||
|
Oracle Java SE 16.0.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:16.0.1
|
16.0.1 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Broadcom Brocade SANnav <v2.2.0.2
Broadcom / Brocade SANnav
|
<v2.2.0.2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Java SE 21.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.1.0
|
21.1.0 | |
|
Oracle Java SE 11.0.11
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.11
|
11.0.11 | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 | ||
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— |
References
59 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Hardware Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0464 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0464.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0464 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0464"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2021 - Appendix Oracle Java SE vom 2021-07-20",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2776 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2776"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2781 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2781"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2782 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2782"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2783 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2783"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2784 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2784"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-202107-53 vom 2021-07-22",
"url": "https://security.archlinux.org/ASA-202107-53"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2845 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2845"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2775 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2775"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-2845 vom 2021-07-22",
"url": "https://linux.oracle.com/errata/ELSA-2021-2845.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-2784 vom 2021-07-22",
"url": "https://linux.oracle.com/errata/ELSA-2021-2784.html"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-202107-54 vom 2021-07-22",
"url": "https://security.archlinux.org/ASA-202107-54"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2774 vom 2021-07-21",
"url": "https://access.redhat.com/errata/RHSA-2021:2774"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1692 vom 2021-07-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1692.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2021:2784 vom 2021-07-22",
"url": "https://lists.centos.org/pipermail/centos-announce/2021-July/048345.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-2781 vom 2021-07-22",
"url": "http://linux.oracle.com/errata/ELSA-2021-2781.html"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-202107-66 vom 2021-07-22",
"url": "https://security.archlinux.org/ASA-202107-66"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2777 vom 2021-07-22",
"url": "https://access.redhat.com/errata/RHSA-2021:2777"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2778 vom 2021-07-22",
"url": "https://access.redhat.com/errata/RHSA-2021:2778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2779 vom 2021-07-22",
"url": "https://access.redhat.com/errata/RHSA-2021:2779"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-202107-65 vom 2021-07-22",
"url": "https://security.archlinux.org/ASA-202107-65"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2780 vom 2021-07-22",
"url": "https://access.redhat.com/errata/RHSA-2021:2780"
},
{
"category": "external",
"summary": "OpenJDK Vulnerability Advisory",
"url": "https://openjdk.java.net/groups/vulnerability/advisories/2021-07-20"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-2776 vom 2021-07-22",
"url": "http://linux.oracle.com/errata/ELSA-2021-2776.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4946 vom 2021-07-30",
"url": "https://www.debian.org/security/2021/dsa-4946"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1695 vom 2021-08-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1695.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2613-1 vom 2021-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009254.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2737 vom 2021-08-09",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2021:2845 vom 2021-08-11",
"url": "https://lists.centos.org/pipermail/centos-announce/2021-August/048348.html"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-102 vom 2021-08-10",
"url": "https://downloads.avaya.com/css/P8/documents/101076999"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-095 vom 2021-08-11",
"url": "https://downloads.avaya.com/css/P8/documents/101077014"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2798-1 vom 2021-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009324.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2797-1 vom 2021-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009315.html"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-101 vom 2021-08-25",
"url": "https://downloads.avaya.com/css/P8/documents/101077242"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3292 vom 2021-08-30",
"url": "https://access.redhat.com/errata/RHSA-2021:3292"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3293 vom 2021-08-30",
"url": "https://access.redhat.com/errata/RHSA-2021:3293"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-129 vom 2021-09-03",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-129/index.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2952-1 vom 2021-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009404.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1528 vom 2021-09-08",
"url": "https://alas.aws.amazon.com/ALAS-2021-1528.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3007-1 vom 2021-09-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009422.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4089 vom 2021-11-02",
"url": "https://access.redhat.com/errata/RHSA-2021:4089"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5202-1 vom 2021-12-17",
"url": "https://ubuntu.com/security/notices/USN-5202-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:14875-1 vom 2022-01-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010014.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:0108-1 vom 2022-01-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010012.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:0107-1 vom 2022-01-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010011.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:14876-1 vom 2022-01-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010022.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:0166-1 vom 2022-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010052.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6552314 vom 2022-02-04",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-october-2021-affects-ibm-infosphere-information-server-cve-2021-35578-cve-2021-35564/"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2022-1836 vom 2022-06-24",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1836"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2022-1835 vom 2022-06-24",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1835"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202209-05 vom 2022-09-07",
"url": "https://security.gentoo.org/glsa/202209-05"
},
{
"category": "external",
"summary": "Trellix Knowledge Center",
"url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10366"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-26 vom 2024-09-28",
"url": "https://security.gentoo.org/glsa/202409-26"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 11 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-11/blob/ece67a968d57210c69d3b9153576613846c1cacf/CHANGELOG.md"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 8 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-8/blob/14eb6b297ac476ca5734706b40903e5a69ecd74a/CHANGELOG.md"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASCORRETTO8-2025-017 vom 2025-04-29",
"url": "https://alas.aws.amazon.com/AL2/ALASCORRETTO8-2025-017.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASJAVA-OPENJDK11-2025-011 vom 2025-04-29",
"url": "https://alas.aws.amazon.com/AL2/ALASJAVA-OPENJDK11-2025-011.html"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-29T22:00:00.000+00:00",
"generator": {
"date": "2025-04-30T08:54:55.714+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0464",
"initial_release_date": "2021-07-20T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-07-20T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-07-21T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Arch Linux, Red Hat, Oracle Linux und Amazon aufgenommen"
},
{
"date": "2021-07-22T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von CentOS, Oracle Linux, Arch Linux und Red Hat aufgenommen"
},
{
"date": "2021-07-25T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: FEDORA-2021-ADE03666C0, FEDORA-2021-D20D6712BC, FEDORA-2021-E6B0792D75, FEDORA-2021-4581CCB97D"
},
{
"date": "2021-08-01T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-08-05T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon und SUSE aufgenommen"
},
{
"date": "2021-08-09T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-08-11T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von CentOS und AVAYA aufgenommen"
},
{
"date": "2021-08-12T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2021-08-22T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-08-26T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2021-08-29T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-09-02T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2021-09-05T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-08T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2021-09-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-11-01T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-12-16T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-01-18T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-01-24T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-02-03T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-06-26T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2022-09-06T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2022-10-30T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-04-29T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "27"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.26.4.1",
"product": {
"name": "Amazon Corretto \u003c11.0.26.4.1",
"product_id": "T040500"
}
},
{
"category": "product_version",
"name": "11.0.26.4.1",
"product": {
"name": "Amazon Corretto 11.0.26.4.1",
"product_id": "T040500-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:11.0.26.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.442.06.1",
"product": {
"name": "Amazon Corretto \u003c8.442.06.1",
"product_id": "T040501"
}
},
{
"category": "product_version",
"name": "8.442.06.1",
"product": {
"name": "Amazon Corretto 8.442.06.1",
"product_id": "T040501-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:8.442.06.1"
}
}
}
],
"category": "product_name",
"name": "Corretto"
},
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Device Services",
"product": {
"name": "Avaya Aura Device Services",
"product_id": "T015517",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_device_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Experience Portal",
"product": {
"name": "Avaya Aura Experience Portal",
"product_id": "T015519",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_experience_portal:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Session Manager",
"product": {
"name": "Avaya Aura Session Manager",
"product_id": "T015127",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:session_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura System Manager",
"product": {
"name": "Avaya Aura System Manager",
"product_id": "T015518",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_system_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Breeze Platform",
"product": {
"name": "Avaya Breeze Platform",
"product_id": "T015823",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:breeze_platform:-"
}
}
},
{
"category": "product_name",
"name": "Avaya CMS",
"product": {
"name": "Avaya CMS",
"product_id": "997",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:call_management_system_server:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Session Border Controller",
"product": {
"name": "Avaya Session Border Controller",
"product_id": "T015520",
"product_identification_helper": {
"cpe": "cpe:/h:avaya:session_border_controller:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.2.0.2",
"product": {
"name": "Broadcom Brocade SANnav \u003cv2.2.0.2",
"product_id": "T023628"
}
},
{
"category": "product_version",
"name": "v2.2.0.2",
"product": {
"name": "Broadcom Brocade SANnav v2.2.0.2",
"product_id": "T023628-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:v2.2.0.2"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T010951",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T020304",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM InfoSphere Information Server",
"product": {
"name": "IBM InfoSphere Information Server",
"product_id": "T019995",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
},
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "21.1.0",
"product": {
"name": "Oracle Java SE 21.1.0",
"product_id": "T019902",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:21.1.0"
}
}
},
{
"category": "product_version",
"name": "11.0.11",
"product": {
"name": "Oracle Java SE 11.0.11",
"product_id": "T019903",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:11.0.11"
}
}
},
{
"category": "product_version",
"name": "Oracle Graal VM Enterprise Edition 20.3.2",
"product": {
"name": "Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2",
"product_id": "T019933",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2"
}
}
},
{
"category": "product_version",
"name": "7u301",
"product": {
"name": "Oracle Java SE 7u301",
"product_id": "T019934",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:7u301"
}
}
},
{
"category": "product_version",
"name": "8u291",
"product": {
"name": "Oracle Java SE 8u291",
"product_id": "T019935",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u291"
}
}
},
{
"category": "product_version",
"name": "16.0.1",
"product": {
"name": "Oracle Java SE 16.0.1",
"product_id": "T019936",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:16.0.1"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.10 CU 11",
"product": {
"name": "Trellix ePolicy Orchestrator \u003c5.10 CU 11",
"product_id": "T024888"
}
},
{
"category": "product_version",
"name": "5.10 CU 11",
"product": {
"name": "Trellix ePolicy Orchestrator 5.10 CU 11",
"product_id": "T024888-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:trellix:epolicy_orchestrator:5.10_update_14"
}
}
}
],
"category": "product_name",
"name": "ePolicy Orchestrator"
}
],
"category": "vendor",
"name": "Trellix"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28928",
"product_status": {
"known_affected": [
"67646",
"T015823",
"T010951",
"T015127",
"T004914",
"T015520",
"T019995",
"T019933",
"T019935",
"T020304",
"997",
"T019934",
"T024888",
"T019936",
"398363",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T017562",
"T023628",
"2951",
"T002207",
"T000126",
"T019902",
"T019903",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2021-07-20T22:00:00.000+00:00",
"title": "CVE-2020-28928"
},
{
"cve": "CVE-2021-2341",
"product_status": {
"known_affected": [
"67646",
"T015823",
"T010951",
"T015127",
"T004914",
"T015520",
"T019995",
"T019933",
"T019935",
"T020304",
"997",
"T019934",
"T024888",
"T019936",
"398363",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T017562",
"T023628",
"2951",
"T002207",
"T000126",
"T019902",
"T019903",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2021-07-20T22:00:00.000+00:00",
"title": "CVE-2021-2341"
},
{
"cve": "CVE-2021-2369",
"product_status": {
"known_affected": [
"67646",
"T015823",
"T010951",
"T015127",
"T004914",
"T015520",
"T019995",
"T019933",
"T019935",
"T020304",
"997",
"T019934",
"T024888",
"T019936",
"398363",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T017562",
"T023628",
"2951",
"T002207",
"T000126",
"T019902",
"T019903",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2021-07-20T22:00:00.000+00:00",
"title": "CVE-2021-2369"
},
{
"cve": "CVE-2021-2388",
"product_status": {
"known_affected": [
"67646",
"T015823",
"T010951",
"T015127",
"T004914",
"T015520",
"T019995",
"T019933",
"T019935",
"T020304",
"997",
"T019934",
"T024888",
"T019936",
"398363",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T017562",
"T023628",
"2951",
"T002207",
"T000126",
"T019902",
"T019903",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2021-07-20T22:00:00.000+00:00",
"title": "CVE-2021-2388"
},
{
"cve": "CVE-2021-2432",
"product_status": {
"known_affected": [
"67646",
"T015823",
"T010951",
"T015127",
"T004914",
"T015520",
"T019995",
"T019933",
"T019935",
"T020304",
"997",
"T019934",
"T024888",
"T019936",
"398363",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T017562",
"T023628",
"2951",
"T002207",
"T000126",
"T019902",
"T019903",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2021-07-20T22:00:00.000+00:00",
"title": "CVE-2021-2432"
},
{
"cve": "CVE-2021-29921",
"product_status": {
"known_affected": [
"67646",
"T015823",
"T010951",
"T015127",
"T004914",
"T015520",
"T019995",
"T019933",
"T019935",
"T020304",
"997",
"T019934",
"T024888",
"T019936",
"398363",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T017562",
"T023628",
"2951",
"T002207",
"T000126",
"T019902",
"T019903",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2021-07-20T22:00:00.000+00:00",
"title": "CVE-2021-29921"
}
]
}
WID-SEC-W-2023-2460
Vulnerability from csaf_certbund - Published: 2021-05-03 22:00 - Updated: 2024-12-01 23:00Summary
Python: Schwachstelle ermöglicht Manipulation
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Python ist eine universelle, üblicherweise interpretierte höhere Programmiersprache.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Python ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Es existiert eine Schwachstelle in Python. Der Fehler besteht aufgrund einer unsachgemäßen Eingabevalidierung von oktalen Zeichenfolgen in der "stdlib ipaddress", was zu einer Server-Side Request Forgery führt. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Python <=3.10
Open Source / Python
|
<=3.10 |
References
15 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Python ist eine universelle, \u00fcblicherweise interpretierte h\u00f6here Programmiersprache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Python ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2460 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-2460.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2460 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2460"
},
{
"category": "external",
"summary": "Python impacted by critical IP address validation vom 2021-05-03",
"url": "https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/"
},
{
"category": "external",
"summary": "Python: Affected by Critical IP Address Validation Vulnerability vom 2021-05-03",
"url": "https://www.ehackingnews.com/2021/05/python-affected-by-critical-ip-address.html"
},
{
"category": "external",
"summary": "Python stdlib ipaddress server-side request forgery vom 2021-05-03",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201083"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4973-1 vom 2021-06-01",
"url": "https://ubuntu.com/security/notices/USN-4973-1"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20210622-0003 vom 2021-06-22",
"url": "https://security.netapp.com/advisory/ntap-20210622-0003/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3254 vom 2021-08-25",
"url": "https://access.redhat.com/errata/RHSA-2021:3254"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2940-1 vom 2021-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009402.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4973-2 vom 2021-10-04",
"url": "https://ubuntu.com/security/notices/USN-4973-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4160 vom 2021-11-09",
"url": "https://access.redhat.com/errata/RHSA-2021:4160"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4162 vom 2021-11-10",
"url": "https://access.redhat.com/errata/RHSA-2021:4162"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASPYTHON3.8-2023-009 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASPYTHON3.8-2023-009.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6891-1 vom 2024-07-11",
"url": "https://ubuntu.com/security/notices/USN-6891-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3980 vom 2024-12-02",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"source_lang": "en-US",
"title": "Python: Schwachstelle erm\u00f6glicht Manipulation",
"tracking": {
"current_release_date": "2024-12-01T23:00:00.000+00:00",
"generator": {
"date": "2024-12-02T11:34:18.360+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-2460",
"initial_release_date": "2021-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-06-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2021-06-21T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2021-08-24T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-09-05T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-10-04T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2021-11-09T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-12-01T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=3.8.0",
"product": {
"name": "Open Source Python \u003e=3.8.0",
"product_id": "T015250"
}
},
{
"category": "product_version_range",
"name": "\u003e=3.8.0",
"product": {
"name": "Open Source Python \u003e=3.8.0",
"product_id": "T015250-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=3.10",
"product": {
"name": "Open Source Python \u003c=3.10",
"product_id": "T019175"
}
},
{
"category": "product_version_range",
"name": "\u003c=3.10",
"product": {
"name": "Open Source Python \u003c=3.10",
"product_id": "T019175-fixed"
}
}
],
"category": "product_name",
"name": "Python"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29921",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Python. Der Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung von oktalen Zeichenfolgen in der \"stdlib ipaddress\", was zu einer Server-Side Request Forgery f\u00fchrt. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T016960"
],
"last_affected": [
"T019175"
]
},
"release_date": "2021-05-03T22:00:00.000+00:00",
"title": "CVE-2021-29921"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…