Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-3389 (GCVE-0-2011-3389)
Vulnerability from cvelistv5 – Published: 2011-09-06 19:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
94 references
Date Public
2004-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74829",
"refsource": "OSVDB",
"url": "http://osvdb.org/74829"
},
{
"name": "http://eprint.iacr.org/2004/111",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2004/111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
"refsource": "CONFIRM",
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55322"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49388"
},
{
"name": "http://ekoparty.org/2011/juliano-rizzo.php",
"refsource": "MISC",
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48948"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://technet.microsoft.com/security/advisory/2588513",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"name": "http://eprint.iacr.org/2006/136",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026103"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
"refsource": "CONFIRM",
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "http://www.insecure.cl/Beast-SSL.rar",
"refsource": "MISC",
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "http://support.apple.com/kb/HT5001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"name": "http://curl.haxx.se/docs/adv_20120124B.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"name": "http://www.opera.com/support/kb/view/1004/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
"refsource": "CONFIRM",
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"name": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
"refsource": "CONFIRM",
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=719047",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://vnhacker.blogspot.com/2011/09/beast.html",
"refsource": "MISC",
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3389",
"datePublished": "2011-09-06T19:00:00.000Z",
"dateReserved": "2011-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-3389",
"date": "2026-05-27",
"epss": "0.03832",
"percentile": "0.88311"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-3389\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-09-06T19:55:03.197\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \\\"BEAST\\\" attack.\"},{\"lang\":\"es\",\"value\":\"El protocolo SSL, como se utiliza en ciertas configuraciones en Microsoft Windows y Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera y otros productos, cifra los datos mediante el uso del modo CBC con vectores de inicializaci\u00f3n encadenados, lo que permite a atacantes man-in-the-middle obtener cabeceras HTTP en texto plano a trav\u00e9s de un ataque blockwise chosen-boundary (BCBA) en una sesi\u00f3n HTTPS, junto con el c\u00f3digo de JavaScript que usa (1) la API WebSocket HTML5, (2) la API Java URLConnection o (3) la API Silverlight WebClient, tambi\u00e9n conocido como un ataque \\\"BEAST\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39B565E1-C2F1-44FC-A517-E3130332B17C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C37BA825-679F-4257-9F2B-CE2318B75396\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97D4FFCF-5309-43B6-9FD5-680C6D535A7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4545786D-3129-4D92-B218-F4A92428ED48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.1\",\"matchCriteriaId\":\"416A895C-F973-4C13-AB9B-32D56B32C14B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_rf68xr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB562D2A-9B77-42DD-A49B-F5E909E69589\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.1\",\"matchCriteriaId\":\"46F9E136-5346-4761-A60B-1A1F12DD75BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_rf615r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2310C8A4-DFE4-44E4-B840-2FF1744F785D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.10.6\",\"versionEndIncluding\":\"7.23.1\",\"matchCriteriaId\":\"5320D044-368E-450B-B658-E861ABECA82C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0554C89-3716-49F3-BFAE-E008D5E4E29C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD6D0378-F0F4-4AAA-80AF-8287C790EC96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"01EDA41C-6B2E-49AF-B503-EB3882265C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87614B58-24AB-49FB-9C84-E8DDBA16353B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF49D26F-142E-468B-87C1-BABEA445255C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4174F4F-149E-41A6-BBCC-D01114C05F38\"}]}]}],\"references\":[{\"url\":\"http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20120124B.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2016-001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://ekoparty.org/2011/juliano-rizzo.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://eprint.iacr.org/2004/111\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://eprint.iacr.org/2006/136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://isc.sans.edu/diary/SSL+TLS+part+3+/11635\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/74829\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0508.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1455.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45791\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/47998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48256\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48692\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48915\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48948\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/49198\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/55322\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/55350\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/55351\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201203-02.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201406-32.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4999\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5001\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5130\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT5501\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT6150\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://technet.microsoft.com/security/advisory/2588513\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://vnhacker.blogspot.com/2011/09/beast.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2398\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.ibm.com/developerworks/java/jdk/alerts/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.imperialviolet.org/2011/09/23/chromeandbeast.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.insecure.cl/Beast-SSL.rar\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/864643\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:058\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.opera.com/docs/changelogs/mac/1151/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/mac/1160/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/unix/1151/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/unix/1160/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/windows/1151/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/windows/1160/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/support/kb/view/1004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1384.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2012-0006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/49388\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/49778\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029190\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1025997\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1026103\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1026704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1263-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-010A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=719047\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=737506\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://hermes.opensuse.org/messages/13154861\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://hermes.opensuse.org/messages/13155432\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20120124B.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2016-001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://ekoparty.org/2011/juliano-rizzo.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://eprint.iacr.org/2004/111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://eprint.iacr.org/2006/136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://isc.sans.edu/diary/SSL+TLS+part+3+/11635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/74829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0508.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1455.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/47998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/48948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/49198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/55322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/55350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/55351\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201203-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201406-32.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT5501\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT6150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://technet.microsoft.com/security/advisory/2588513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://vnhacker.blogspot.com/2011/09/beast.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.ibm.com/developerworks/java/jdk/alerts/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.imperialviolet.org/2011/09/23/chromeandbeast.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.insecure.cl/Beast-SSL.rar\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/864643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.opera.com/docs/changelogs/mac/1151/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/mac/1160/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/unix/1151/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/unix/1160/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/windows/1151/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/windows/1160/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/support/kb/view/1004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1384.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2012-0006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/49388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/49778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1025997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1026103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1026704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1263-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-010A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=719047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=737506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://hermes.opensuse.org/messages/13154861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://hermes.opensuse.org/messages/13155432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-014
Vulnerability from certfr_avis - Published: 2019-01-10 - Updated: 2019-01-10
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | SRC Series Application Server et Web Administrator versions antérieures à 4.12.0-R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 sur vMX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75 | ||
| N/A | N/A | Juniper ATP | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series | ||
| Juniper Networks | Junos Space | Junos Space | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series | ||
| Juniper Networks | Junos OS | Tous produits et toutes plateformes exécutant Junos OS | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SRC Series Application Server et Web Administrator versions ant\u00e9rieures \u00e0 4.12.0-R1",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 sur vMX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ATP",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tous produits et toutes plateformes ex\u00e9cutant Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0010"
},
{
"name": "CVE-2018-10901",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10901"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2019-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0003"
},
{
"name": "CVE-2019-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0007"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2017-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0861"
},
{
"name": "CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"name": "CVE-2019-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0027"
},
{
"name": "CVE-2019-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0030"
},
{
"name": "CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"name": "CVE-2019-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0001"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2019-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0002"
},
{
"name": "CVE-2019-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0013"
},
{
"name": "CVE-2019-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0023"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2018-10675",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10675"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3137"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2017-3142",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
},
{
"name": "CVE-2018-10872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10872"
},
{
"name": "CVE-2019-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0015"
},
{
"name": "CVE-2019-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0005"
},
{
"name": "CVE-2019-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0009"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2019-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0024"
},
{
"name": "CVE-2019-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0025"
},
{
"name": "CVE-2017-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2019-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0011"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2019-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0012"
},
{
"name": "CVE-2017-11610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"
},
{
"name": "CVE-2018-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5748"
},
{
"name": "CVE-2019-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0004"
},
{
"name": "CVE-2019-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0017"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2017-1000366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0021"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2019-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0016"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
},
{
"name": "CVE-2019-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0022"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1050"
},
{
"name": "CVE-2019-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0014"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
},
{
"name": "CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"name": "CVE-2019-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0026"
},
{
"name": "CVE-2019-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0029"
},
{
"name": "CVE-2019-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0020"
},
{
"name": "CVE-2018-5740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5740"
},
{
"name": "CVE-2017-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2619"
},
{
"name": "CVE-2019-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0018"
},
{
"name": "CVE-2018-1000004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000004"
},
{
"name": "CVE-2019-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0006"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3136"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-10301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10301"
}
],
"initial_release_date": "2019-01-10T00:00:00",
"last_revision_date": "2019-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10906 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10906\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10910 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10910\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10911 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10911\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10907 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10907\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10912 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10912\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10913 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10913\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10919 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10919\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10905 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10905\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10902 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10902\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10917 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10904 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10904\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10915 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10915\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10916 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10916\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10914 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10914\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10900 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10900\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10909 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10909\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10901 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10901\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10918 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10918\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10903 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10903\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-311
Vulnerability from certfr_avis - Published: 2019-07-09 - Updated: 2019-07-09
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions antérieures à V7.90 | ||
| Siemens | N/A | Spectrum Power 3, 4, 5 et 7 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Upd 11 | ||
| Siemens | N/A | RAPIDPoint 500 | ||
| Siemens | N/A | SIMATIC IPC627E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 avec WinCC versions antérieures à V7.4 SP1 Upd 11 | ||
| Siemens | N/A | SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions antérieures à VC12M sans le correctif AX037/19/P | ||
| Siemens | N/A | Sensis SIS Server Machine, Mat. Nr. 06648153: versions antérieures à VC11D, VC12M, VD11B sans le correctif AX037/19/P | ||
| Siemens | N/A | SIMATIC RF68XR versions antérieures à V3.2.1 | ||
| Siemens | N/A | SIMATIC IPC427E avec un BIOS d'une version antérieure à V21.01.11 | ||
| Siemens | N/A | SIMATIC IPC647E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | TIA Administrator versions antérieures à V1.0 SP1 Upd1 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd 3 | ||
| Siemens | N/A | SIMATIC IPC847E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | SIMATIC IPC677E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | SIMATIC RF615R versions antérieures à V3.2.1 | ||
| Siemens | N/A | SIMATIC IPC477E Pro avec un BIOS d'une version antérieure à V21.01.11 | ||
| Siemens | N/A | Sensis High End SIS Server, Mat. Nr. 10140973: versions antérieures à VC11D, VC12M sans le correctif AX037/19/P | ||
| Siemens | N/A | SIMATIC IPC477E avec un BIOS d'une version antérieure à V21.01.11 | ||
| Siemens | N/A | DIGSI 5 versions antérieures à V7.90 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 avec WinCC versions antérieures à V7.4 SP1 Upd 11 | ||
| Siemens | N/A | VM SIS Virtual Server, Mat. Nr. 10765502: versions antérieures à VC12M sans le correctif AX037/19/P |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions ant\u00e9rieures \u00e0 V7.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 3, 4, 5 et 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RAPIDPoint 500",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC627E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sensis SIS Server Machine, Mat. Nr. 06648153: versions ant\u00e9rieures \u00e0 VC11D, VC12M, VD11B sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF68XR versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC647E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator versions ant\u00e9rieures \u00e0 V1.0 SP1 Upd1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC847E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC677E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF615R versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC477E Pro avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sensis High End SIS Server, Mat. Nr. 10140973: versions ant\u00e9rieures \u00e0 VC11D, VC12M sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC477E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "DIGSI 5 versions ant\u00e9rieures \u00e0 V7.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "VM SIS Virtual Server, Mat. Nr. 10765502: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2016-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6329"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2019-10930",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10930"
},
{
"name": "CVE-2019-10915",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10915"
},
{
"name": "CVE-2019-10931",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10931"
},
{
"name": "CVE-2019-10935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10935"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-10933",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10933"
},
{
"name": "CVE-2019-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0708"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
}
],
"initial_release_date": "2019-07-09T00:00:00",
"last_revision_date": "2019-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-311",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166360 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616199 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-121293 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-721298 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616472 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-747162 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-899560 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-556833 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
]
}
FKIE_CVE-2011-3389
Vulnerability from fkie_nvd - Published: 2011-09-06 19:55 - Updated: 2026-04-29 01:13
Severity
Summary
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ | Third Party Advisory | |
| cve@mitre.org | http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx | Third Party Advisory | |
| cve@mitre.org | http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx | Third Party Advisory | |
| cve@mitre.org | http://curl.haxx.se/docs/adv_20120124B.html | Third Party Advisory | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-001.html | Third Party Advisory | |
| cve@mitre.org | http://ekoparty.org/2011/juliano-rizzo.php | Broken Link | |
| cve@mitre.org | http://eprint.iacr.org/2004/111 | Third Party Advisory | |
| cve@mitre.org | http://eprint.iacr.org/2006/136 | Third Party Advisory | |
| cve@mitre.org | http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html | Not Applicable, Vendor Advisory | |
| cve@mitre.org | http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 | Third Party Advisory | |
| cve@mitre.org | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html | Broken Link | |
| cve@mitre.org | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html | Broken Link | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | Broken Link, Mailing List | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html | Broken Link, Mailing List | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | Broken Link, Mailing List | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html | Broken Link, Mailing List | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html | Broken Link, Mailing List | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | Broken Link | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=132750579901589&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=132872385320240&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=133365109612558&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=133728004526190&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=134254866602253&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=134254957702612&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue | Third Party Advisory | |
| cve@mitre.org | http://osvdb.org/74829 | Broken Link | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-0508.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2013-1455.html | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/45791 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/47998 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/48256 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/48692 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/48915 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/48948 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/49198 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/55322 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/55350 | Not Applicable | |
| cve@mitre.org | http://secunia.com/advisories/55351 | Not Applicable | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201203-02.xml | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201406-32.xml | Third Party Advisory | |
| cve@mitre.org | http://support.apple.com/kb/HT4999 | Third Party Advisory | |
| cve@mitre.org | http://support.apple.com/kb/HT5001 | Third Party Advisory | |
| cve@mitre.org | http://support.apple.com/kb/HT5130 | Third Party Advisory | |
| cve@mitre.org | http://support.apple.com/kb/HT5281 | Broken Link | |
| cve@mitre.org | http://support.apple.com/kb/HT5501 | Third Party Advisory | |
| cve@mitre.org | http://support.apple.com/kb/HT6150 | Third Party Advisory | |
| cve@mitre.org | http://technet.microsoft.com/security/advisory/2588513 | Patch, Vendor Advisory | |
| cve@mitre.org | http://vnhacker.blogspot.com/2011/09/beast.html | Third Party Advisory | |
| cve@mitre.org | http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf | Third Party Advisory | |
| cve@mitre.org | http://www.debian.org/security/2012/dsa-2398 | Third Party Advisory | |
| cve@mitre.org | http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html | Broken Link | |
| cve@mitre.org | http://www.ibm.com/developerworks/java/jdk/alerts/ | Third Party Advisory | |
| cve@mitre.org | http://www.imperialviolet.org/2011/09/23/chromeandbeast.html | Third Party Advisory | |
| cve@mitre.org | http://www.insecure.cl/Beast-SSL.rar | Broken Link, Patch | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/864643 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 | Broken Link | |
| cve@mitre.org | http://www.opera.com/docs/changelogs/mac/1151/ | Third Party Advisory | |
| cve@mitre.org | http://www.opera.com/docs/changelogs/mac/1160/ | Third Party Advisory | |
| cve@mitre.org | http://www.opera.com/docs/changelogs/unix/1151/ | Third Party Advisory | |
| cve@mitre.org | http://www.opera.com/docs/changelogs/unix/1160/ | Third Party Advisory | |
| cve@mitre.org | http://www.opera.com/docs/changelogs/windows/1151/ | Third Party Advisory | |
| cve@mitre.org | http://www.opera.com/docs/changelogs/windows/1160/ | Third Party Advisory | |
| cve@mitre.org | http://www.opera.com/support/kb/view/1004/ | Third Party Advisory, Vendor Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | Third Party Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | Third Party Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html | Third Party Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2011-1384.html | Third Party Advisory, Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2012-0006.html | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/49388 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/49778 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1029190 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1025997 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1026103 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1026704 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/USN-1263-1 | Third Party Advisory | |
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA12-010A.html | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail | Third Party Advisory | |
| cve@mitre.org | https://bugzilla.novell.com/show_bug.cgi?id=719047 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=737506 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf | Third Party Advisory | |
| cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 | Patch, Vendor Advisory | |
| cve@mitre.org | https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 | Broken Link | |
| cve@mitre.org | https://hermes.opensuse.org/messages/13154861 | Broken Link | |
| cve@mitre.org | https://hermes.opensuse.org/messages/13155432 | Broken Link | |
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://curl.haxx.se/docs/adv_20120124B.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-001.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ekoparty.org/2011/juliano-rizzo.php | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://eprint.iacr.org/2004/111 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://eprint.iacr.org/2006/136 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | Broken Link, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html | Broken Link, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | Broken Link, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html | Broken Link, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html | Broken Link, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132750579901589&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132872385320240&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133365109612558&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133728004526190&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=134254866602253&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=134254957702612&w=2 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/74829 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-0508.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1455.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45791 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47998 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48256 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48692 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48915 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48948 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49198 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55322 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55350 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55351 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201203-02.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201406-32.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4999 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5001 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5130 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5281 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5501 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT6150 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://technet.microsoft.com/security/advisory/2588513 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://vnhacker.blogspot.com/2011/09/beast.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2398 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/developerworks/java/jdk/alerts/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.imperialviolet.org/2011/09/23/chromeandbeast.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.insecure.cl/Beast-SSL.rar | Broken Link, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/864643 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opera.com/docs/changelogs/mac/1151/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opera.com/docs/changelogs/mac/1160/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opera.com/docs/changelogs/unix/1151/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opera.com/docs/changelogs/unix/1160/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opera.com/docs/changelogs/windows/1151/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opera.com/docs/changelogs/windows/1160/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.opera.com/support/kb/view/1004/ | Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1384.html | Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2012-0006.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49388 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49778 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029190 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025997 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1026103 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1026704 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1263-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-010A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=719047 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=737506 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/13154861 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/13155432 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | - | ||
| microsoft | internet_explorer | - | |
| mozilla | firefox | - | |
| opera | opera_browser | - | |
| microsoft | windows | - | |
| siemens | simatic_rf68xr_firmware | * | |
| siemens | simatic_rf68xr | - | |
| siemens | simatic_rf615r_firmware | * | |
| siemens | simatic_rf615r | - | |
| haxx | curl | * | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_eus | 6.2 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_aus | 6.2 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| debian | debian_linux | 5.0 | |
| debian | debian_linux | 6.0 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 | |
| canonical | ubuntu_linux | 11.04 | |
| canonical | ubuntu_linux | 11.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4545786D-3129-4D92-B218-F4A92428ED48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "416A895C-F973-4C13-AB9B-32D56B32C14B",
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf68xr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB562D2A-9B77-42DD-A49B-F5E909E69589",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46F9E136-5346-4761-A60B-1A1F12DD75BB",
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf615r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2310C8A4-DFE4-44E4-B840-2FF1744F785D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5320D044-368E-450B-B658-E861ABECA82C",
"versionEndIncluding": "7.23.1",
"versionStartIncluding": "7.10.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0554C89-3716-49F3-BFAE-E008D5E4E29C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
},
{
"lang": "es",
"value": "El protocolo SSL, como se utiliza en ciertas configuraciones en Microsoft Windows y Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera y otros productos, cifra los datos mediante el uso del modo CBC con vectores de inicializaci\u00f3n encadenados, lo que permite a atacantes man-in-the-middle obtener cabeceras HTTP en texto plano a trav\u00e9s de un ataque blockwise chosen-boundary (BCBA) en una sesi\u00f3n HTTPS, junto con el c\u00f3digo de JavaScript que usa (1) la API WebSocket HTML5, (2) la API Java URLConnection o (3) la API Silverlight WebClient, tambi\u00e9n conocido como un ataque \"BEAST\"."
}
],
"id": "CVE-2011-3389",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-06T19:55:03.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/74829"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/45791"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47998"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48256"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48692"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48915"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48948"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/49198"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55322"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55350"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55351"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/74829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/45791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/49198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-RHCH-PCQ2-7GP3
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2025-04-11 03:50
VLAI
Details
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
{
"affected": [],
"aliases": [
"CVE-2011-3389"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-09-06T19:55:00Z",
"severity": "MODERATE"
},
"details": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"id": "GHSA-rhch-pcq2-7gp3",
"modified": "2025-04-11T03:50:17Z",
"published": "2022-05-13T01:07:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3389"
},
{
"type": "WEB",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"type": "WEB",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"type": "WEB",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"type": "WEB",
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"type": "WEB",
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"type": "WEB",
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"type": "WEB",
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"type": "WEB",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"type": "WEB",
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"type": "WEB",
"url": "http://eprint.iacr.org/2004/111"
},
{
"type": "WEB",
"url": "http://eprint.iacr.org/2006/136"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"type": "WEB",
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"type": "WEB",
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"type": "WEB",
"url": "http://osvdb.org/74829"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/45791"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/47998"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48256"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48692"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48915"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48948"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/49198"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/55322"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/55350"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/55351"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4999"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5001"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5130"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5281"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5501"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6150"
},
{
"type": "WEB",
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"type": "WEB",
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"type": "WEB",
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"type": "WEB",
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"type": "WEB",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts"
},
{
"type": "WEB",
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"type": "WEB",
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"type": "WEB",
"url": "http://www.opera.com/docs/changelogs/mac/1151"
},
{
"type": "WEB",
"url": "http://www.opera.com/docs/changelogs/mac/1160"
},
{
"type": "WEB",
"url": "http://www.opera.com/docs/changelogs/unix/1151"
},
{
"type": "WEB",
"url": "http://www.opera.com/docs/changelogs/unix/1160"
},
{
"type": "WEB",
"url": "http://www.opera.com/docs/changelogs/windows/1151"
},
{
"type": "WEB",
"url": "http://www.opera.com/docs/changelogs/windows/1160"
},
{
"type": "WEB",
"url": "http://www.opera.com/support/kb/view/1004"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/49388"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/49778"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025997"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026103"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026704"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2011-3389
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-3389",
"description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"id": "GSD-2011-3389",
"references": [
"https://www.suse.com/security/cve/CVE-2011-3389.html",
"https://www.debian.org/security/2012/dsa-2398",
"https://www.debian.org/security/2011/dsa-2368",
"https://www.debian.org/security/2011/dsa-2358",
"https://www.debian.org/security/2011/dsa-2356",
"https://access.redhat.com/errata/RHSA-2013:1455",
"https://access.redhat.com/errata/RHSA-2012:0508",
"https://access.redhat.com/errata/RHSA-2012:0343",
"https://access.redhat.com/errata/RHSA-2012:0034",
"https://access.redhat.com/errata/RHSA-2012:0006",
"https://access.redhat.com/errata/RHSA-2011:1384",
"https://access.redhat.com/errata/RHSA-2011:1380",
"https://alas.aws.amazon.com/cve/html/CVE-2011-3389.html",
"https://linux.oracle.com/cve/CVE-2011-3389.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-3389"
],
"details": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"id": "GSD-2011-3389",
"modified": "2023-12-13T01:19:09.516346Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74829",
"refsource": "OSVDB",
"url": "http://osvdb.org/74829"
},
{
"name": "http://eprint.iacr.org/2004/111",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2004/111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
"refsource": "CONFIRM",
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55322"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49388"
},
{
"name": "http://ekoparty.org/2011/juliano-rizzo.php",
"refsource": "MISC",
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48948"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://technet.microsoft.com/security/advisory/2588513",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"name": "http://eprint.iacr.org/2006/136",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026103"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
"refsource": "CONFIRM",
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "http://www.insecure.cl/Beast-SSL.rar",
"refsource": "MISC",
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "http://support.apple.com/kb/HT5001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"name": "http://curl.haxx.se/docs/adv_20120124B.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"name": "http://www.opera.com/support/kb/view/1004/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
"refsource": "CONFIRM",
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"name": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
"refsource": "CONFIRM",
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=719047",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://vnhacker.blogspot.com/2011/09/beast.html",
"refsource": "MISC",
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf68xr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf615r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.23.1",
"versionStartIncluding": "7.10.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3389"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/unix/1151/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"name": "49388",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1151/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1151/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "74829",
"refsource": "OSVDB",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/74829"
},
{
"name": "45791",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1025997",
"refsource": "SECTRACK",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "http://eprint.iacr.org/2004/111",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "http://ekoparty.org/2011/juliano-rizzo.php",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"name": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=719047",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "http://www.insecure.cl/Beast-SSL.rar",
"refsource": "MISC",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"name": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "http://eprint.iacr.org/2006/136",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "http://technet.microsoft.com/security/advisory/2588513",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "http://support.apple.com/kb/HT5001",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-12-2",
"refsource": "APPLE",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"name": "1026103",
"refsource": "SECTRACK",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"name": "49778",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name": "http://vnhacker.blogspot.com/2011/09/beast.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "VU#864643",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1160/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1160/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"name": "http://www.opera.com/support/kb/view/1004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1160/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"name": "RHSA-2012:0006",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "SSRT100740",
"refsource": "HP",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"tags": [
"Broken Link"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-2",
"refsource": "APPLE",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "49198",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "SUSE-SU-2012:0122",
"refsource": "SUSE",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "openSUSE-SU-2012:0063",
"refsource": "SUSE",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"name": "openSUSE-SU-2012:0030",
"refsource": "SUSE",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"name": "SUSE-SU-2012:0114",
"refsource": "SUSE",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "HPSBUX02730",
"refsource": "HP",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "48692",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "48948",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48948"
},
{
"name": "48915",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "TA12-010A",
"refsource": "CERT",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"tags": [
"Broken Link"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "55351",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "55322",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55322"
},
{
"name": "55350",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"name": "SSRT100867",
"refsource": "HP",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "SSRT100805",
"refsource": "HP",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "oval:org.mitre.oval:def:14752",
"refsource": "OVAL",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"name": "MDVSA-2012:058",
"refsource": "MANDRIVA",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "GLSA-201203-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "48256",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "1026704",
"refsource": "SECTRACK",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "47998",
"refsource": "SECUNIA",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "DSA-2398",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "http://curl.haxx.se/docs/adv_20120124B.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "MS12-006",
"refsource": "MS",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2022-11-29T15:56Z",
"publishedDate": "2011-09-06T19:55Z"
}
}
}
ICSA-14-098-03
Vulnerability from csaf_cisa - Published: 2014-01-09 07:00 - Updated: 2025-06-09 19:47Summary
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
References
10 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
| https://www.cisa.gov/uscert/sites/default/files/p… | external |
| https://www.cisa.gov/uscert/ncas/tips/ST04-014 | external |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-14-098-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2014/icsa-14-098-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-14-098-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-098-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Siemens Ruggedcom WIN Products BEAST Attack Vulnerability",
"tracking": {
"current_release_date": "2025-06-09T19:47:56.923899Z",
"generator": {
"date": "2025-06-09T19:47:56.923841Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-14-098-03",
"initial_release_date": "2014-01-09T07:00:00.000000Z",
"revision_history": [
{
"date": "2014-01-09T07:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-06-09T19:47:56.923899Z",
"legacy_version": "CSAF Conversion",
"number": "2",
"summary": "Advisory converted into a CSAF"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv4.4",
"product": {
"name": "Siemens WIN7000: \u003cv4.4",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "WIN7000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv4.4",
"product": {
"name": "Siemens WIN7200: \u003cv4.4",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "WIN7200"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv4.4",
"product": {
"name": "Siemens WIN5100: \u003cv4.4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "WIN5100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv4.4",
"product": {
"name": "Siemens WIN5200: \u003cv4.4",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "WIN5200"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Siemens has provided a firmware update (Ruggedcom WIN v4.4) that supports the mitigation technique and recommends customers to update to this version (http://www.siemens.com/cert/advisories)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.siemens.com/cert/advisories"
}
],
"scores": [
{
"cvss_v2": {
"baseScore": 4.3,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
}
]
}
ICSA-19-192-04
Vulnerability from csaf_cisa - Published: 2019-07-09 00:00 - Updated: 2019-07-09 00:00Summary
ICSA-19-192-04 Siemens SIMATIC RF6XXR
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's TXT advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
General Recommendations: As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens' operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.
General Recommendations: Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity
Terms of Use: Siemens Security Advisories are subject to the terms and conditions containedin Siemens' underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter "License Terms"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens' Global Website(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.
CWE-20
- Improper Input Validation
CWE-327
- Use of a Broken or Risky Cryptographic Algorithm
CWE-331
- Insufficient Entropy
References
13 references
| URL | Category |
|---|---|
| https://cert-portal.siemens.com/productcert/txt/s… | self |
| https://raw.githubusercontent.com/cisagov/CSAF/re… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
Acknowledgments
United Utilities
Wendy Parrington
{
"document": {
"acknowledgments": [
{
"names": [
"Wendy Parrington"
],
"organization": "United Utilities",
"summary": "coordinating disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s TXT advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens\u0027 operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions containedin Siemens\u0027 underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter \"License Terms\"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website(https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-556833: TLS Vulnerabilities in SIMATIC RF6XXR",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-192-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/OT/white/2019/icsa-19-192-04.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-19-192-04 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-192-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ICSA-19-192-04 Siemens SIMATIC RF6XXR",
"tracking": {
"current_release_date": "2019-07-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-192-04",
"initial_release_date": "2019-07-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-07-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.1",
"product": {
"name": "SIMATIC RF615R",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC RF615R"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.1",
"product": {
"name": "SIMATIC RF68XR",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC RF68XR"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses e.g. the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API, aka a \"BEAST\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-6329",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "TLS, when used with a 64-bit block cipher, could allow remote attackers to obtain cleartext data by leveraging a birthday attack against a long-duration encrypted session, aka a \"Sweet32\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6329"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"notes": [
{
"category": "summary",
"text": "TLS and DTLS versions 1.1 and 1.2, as used in the affected product, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109768501"
},
{
"category": "mitigation",
"details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
ICSMA-18-058-02
Vulnerability from csaf_cisa - Published: 2018-02-27 00:00 - Updated: 2018-02-27 00:00Summary
Philips Intellispace Portal ISP Vulnerabilities
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, perform man-in-the-middle attacks, create denial of service conditions, or execute arbitrary code.
Critical infrastructure sectors: Healthcare and Public Health
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.0 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.0 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.0 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
CWE-327
- Use of a Broken or Risky Cryptographic Algorithm
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
CWE-327
- Use of a Broken or Risky Cryptographic Algorithm
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
CWE-327
- Use of a Broken or Risky Cryptographic Algorithm
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IntelliSpace Portal 8.0.x: *
Phillips / IntelliSpace Portal 8.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
IntelliSpace Portal 7.0.x: *
Phillips / IntelliSpace Portal 7.0.x
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
|
References
59 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-medical-advi… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://www.cisa.gov/uscert/sites/default/files/p… | external |
| https://www.cisa.gov/uscert/ncas/tips/ST04-014 | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.1#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.1#CVSS:3.… | external |
Acknowledgments
Phillips
{
"document": {
"acknowledgments": [
{
"organization": "Phillips",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, perform man-in-the-middle attacks, create denial of service conditions, or execute arbitrary code.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSMA-18-058-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-058-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSMA-18-058-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Philips Intellispace Portal ISP Vulnerabilities",
"tracking": {
"current_release_date": "2018-02-27T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSMA-18-058-02",
"initial_release_date": "2018-02-27T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-02-27T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSMA-18-058-02 Philips Intellispace Portal ISP Vulnerabilities"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "IntelliSpace Portal 8.0.x: *",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "IntelliSpace Portal 8.0.x"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "IntelliSpace Portal 7.0.x: *",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "IntelliSpace Portal 7.0.x"
}
],
"category": "vendor",
"name": "Phillips"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5474",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5474"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0143",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0143"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0144",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0144"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0145",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0145"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0146",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0146"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0148",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0148"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0272",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0272"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0277",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0277"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0278",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0278"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0279",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0279"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0269",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0269"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0273",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0273"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0280",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0280"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0147",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka \"Windows SMB Information Disclosure Vulnerability.\"",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0147"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0267",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0267"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0268",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0268"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0270",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0270"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0271",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0271"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0274",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0274"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0275",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0275"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0276",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0276"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5472",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5472"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5468",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5468"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0199",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.\"",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0199"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2005-1794",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1794"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5470",
"cwe": {
"id": "CWE-428",
"name": "Unquoted Search Path or Element"
},
"notes": [
{
"category": "summary",
"text": "An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5470"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5454",
"cwe": {
"id": "CWE-489",
"name": "Active Debug Code"
},
"notes": [
{
"category": "summary",
"text": "The ISP has a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5454"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5458",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5458"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5462",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5462"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5464",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5464"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5466"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-3389",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2004-2761",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2761"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-3566",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
OPENSUSE-SU-2020:0086-1
Vulnerability from csaf_opensuse - Published: 2020-01-21 15:12 - Updated: 2020-01-21 15:12Summary
Security update for python3
Severity
Important
Notes
Title of the patch: Security update for python3
Description of the patch: This update for python3 to version 3.6.10 fixes the following issues:
- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2020-86
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
180 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1027282 | self |
| https://bugzilla.suse.com/1029377 | self |
| https://bugzilla.suse.com/1029902 | self |
| https://bugzilla.suse.com/1040164 | self |
| https://bugzilla.suse.com/1042670 | self |
| https://bugzilla.suse.com/1070853 | self |
| https://bugzilla.suse.com/1079761 | self |
| https://bugzilla.suse.com/1081750 | self |
| https://bugzilla.suse.com/1083507 | self |
| https://bugzilla.suse.com/1086001 | self |
| https://bugzilla.suse.com/1088004 | self |
| https://bugzilla.suse.com/1088009 | self |
| https://bugzilla.suse.com/1088573 | self |
| https://bugzilla.suse.com/1094814 | self |
| https://bugzilla.suse.com/1107030 | self |
| https://bugzilla.suse.com/1109663 | self |
| https://bugzilla.suse.com/1109847 | self |
| https://bugzilla.suse.com/1120644 | self |
| https://bugzilla.suse.com/1122191 | self |
| https://bugzilla.suse.com/1129346 | self |
| https://bugzilla.suse.com/1130840 | self |
| https://bugzilla.suse.com/1133452 | self |
| https://bugzilla.suse.com/1137942 | self |
| https://bugzilla.suse.com/1138459 | self |
| https://bugzilla.suse.com/1141853 | self |
| https://bugzilla.suse.com/1149121 | self |
| https://bugzilla.suse.com/1149792 | self |
| https://bugzilla.suse.com/1149955 | self |
| https://bugzilla.suse.com/1151490 | self |
| https://bugzilla.suse.com/1153238 | self |
| https://bugzilla.suse.com/1159035 | self |
| https://bugzilla.suse.com/1159622 | self |
| https://bugzilla.suse.com/637176 | self |
| https://bugzilla.suse.com/658604 | self |
| https://bugzilla.suse.com/673071 | self |
| https://bugzilla.suse.com/709442 | self |
| https://bugzilla.suse.com/743787 | self |
| https://bugzilla.suse.com/747125 | self |
| https://bugzilla.suse.com/751718 | self |
| https://bugzilla.suse.com/754447 | self |
| https://bugzilla.suse.com/754677 | self |
| https://bugzilla.suse.com/787526 | self |
| https://bugzilla.suse.com/809831 | self |
| https://bugzilla.suse.com/831629 | self |
| https://bugzilla.suse.com/834601 | self |
| https://bugzilla.suse.com/871152 | self |
| https://bugzilla.suse.com/885662 | self |
| https://bugzilla.suse.com/885882 | self |
| https://bugzilla.suse.com/917607 | self |
| https://bugzilla.suse.com/942751 | self |
| https://bugzilla.suse.com/951166 | self |
| https://bugzilla.suse.com/983582 | self |
| https://bugzilla.suse.com/984751 | self |
| https://bugzilla.suse.com/985177 | self |
| https://bugzilla.suse.com/985348 | self |
| https://bugzilla.suse.com/989523 | self |
| https://www.suse.com/security/cve/CVE-2011-3389/ | self |
| https://www.suse.com/security/cve/CVE-2011-4944/ | self |
| https://www.suse.com/security/cve/CVE-2012-0845/ | self |
| https://www.suse.com/security/cve/CVE-2012-1150/ | self |
| https://www.suse.com/security/cve/CVE-2013-1752/ | self |
| https://www.suse.com/security/cve/CVE-2013-4238/ | self |
| https://www.suse.com/security/cve/CVE-2014-2667/ | self |
| https://www.suse.com/security/cve/CVE-2014-4650/ | self |
| https://www.suse.com/security/cve/CVE-2016-0772/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000110/ | self |
| https://www.suse.com/security/cve/CVE-2016-5636/ | self |
| https://www.suse.com/security/cve/CVE-2016-5699/ | self |
| https://www.suse.com/security/cve/CVE-2017-18207/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000802/ | self |
| https://www.suse.com/security/cve/CVE-2018-1060/ | self |
| https://www.suse.com/security/cve/CVE-2018-1061/ | self |
| https://www.suse.com/security/cve/CVE-2018-14647/ | self |
| https://www.suse.com/security/cve/CVE-2018-20406/ | self |
| https://www.suse.com/security/cve/CVE-2018-20852/ | self |
| https://www.suse.com/security/cve/CVE-2019-10160/ | self |
| https://www.suse.com/security/cve/CVE-2019-15903/ | self |
| https://www.suse.com/security/cve/CVE-2019-16056/ | self |
| https://www.suse.com/security/cve/CVE-2019-16935/ | self |
| https://www.suse.com/security/cve/CVE-2019-5010/ | self |
| https://www.suse.com/security/cve/CVE-2019-9636/ | self |
| https://www.suse.com/security/cve/CVE-2019-9947/ | self |
| https://www.suse.com/security/cve/CVE-2011-3389 | external |
| https://bugzilla.suse.com/716002 | external |
| https://bugzilla.suse.com/719047 | external |
| https://bugzilla.suse.com/725167 | external |
| https://bugzilla.suse.com/726096 | external |
| https://bugzilla.suse.com/739248 | external |
| https://bugzilla.suse.com/739256 | external |
| https://bugzilla.suse.com/742306 | external |
| https://bugzilla.suse.com/751718 | external |
| https://bugzilla.suse.com/759666 | external |
| https://bugzilla.suse.com/763598 | external |
| https://bugzilla.suse.com/814655 | external |
| https://www.suse.com/security/cve/CVE-2011-4944 | external |
| https://bugzilla.suse.com/754447 | external |
| https://www.suse.com/security/cve/CVE-2012-0845 | external |
| https://bugzilla.suse.com/747125 | external |
| https://www.suse.com/security/cve/CVE-2012-1150 | external |
| https://bugzilla.suse.com/751718 | external |
| https://bugzilla.suse.com/755383 | external |
| https://bugzilla.suse.com/826682 | external |
| https://www.suse.com/security/cve/CVE-2013-1752 | external |
| https://bugzilla.suse.com/856835 | external |
| https://bugzilla.suse.com/856836 | external |
| https://bugzilla.suse.com/863741 | external |
| https://bugzilla.suse.com/885882 | external |
| https://bugzilla.suse.com/898572 | external |
| https://bugzilla.suse.com/912739 | external |
| https://www.suse.com/security/cve/CVE-2013-4238 | external |
| https://bugzilla.suse.com/834601 | external |
| https://bugzilla.suse.com/839107 | external |
| https://bugzilla.suse.com/882915 | external |
| https://bugzilla.suse.com/912739 | external |
| https://www.suse.com/security/cve/CVE-2014-2667 | external |
| https://bugzilla.suse.com/871152 | external |
| https://www.suse.com/security/cve/CVE-2014-4650 | external |
| https://bugzilla.suse.com/856835 | external |
| https://bugzilla.suse.com/856836 | external |
| https://bugzilla.suse.com/863741 | external |
| https://bugzilla.suse.com/885882 | external |
| https://bugzilla.suse.com/898572 | external |
| https://bugzilla.suse.com/912739 | external |
| https://www.suse.com/security/cve/CVE-2016-0772 | external |
| https://bugzilla.suse.com/984751 | external |
| https://www.suse.com/security/cve/CVE-2016-1000110 | external |
| https://bugzilla.suse.com/988484 | external |
| https://bugzilla.suse.com/989523 | external |
| https://www.suse.com/security/cve/CVE-2016-5636 | external |
| https://bugzilla.suse.com/1065451 | external |
| https://bugzilla.suse.com/1106262 | external |
| https://bugzilla.suse.com/985177 | external |
| https://www.suse.com/security/cve/CVE-2016-5699 | external |
| https://bugzilla.suse.com/1122729 | external |
| https://bugzilla.suse.com/1130840 | external |
| https://bugzilla.suse.com/985348 | external |
| https://bugzilla.suse.com/985351 | external |
| https://bugzilla.suse.com/986630 | external |
| https://www.suse.com/security/cve/CVE-2017-18207 | external |
| https://bugzilla.suse.com/1083507 | external |
| https://www.suse.com/security/cve/CVE-2018-1000802 | external |
| https://bugzilla.suse.com/1109663 | external |
| https://www.suse.com/security/cve/CVE-2018-1060 | external |
| https://bugzilla.suse.com/1088009 | external |
| https://www.suse.com/security/cve/CVE-2018-1061 | external |
| https://bugzilla.suse.com/1088004 | external |
| https://www.suse.com/security/cve/CVE-2018-14647 | external |
| https://bugzilla.suse.com/1109847 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://www.suse.com/security/cve/CVE-2018-20406 | external |
| https://bugzilla.suse.com/1120644 | external |
| https://www.suse.com/security/cve/CVE-2018-20852 | external |
| https://bugzilla.suse.com/1141853 | external |
| https://www.suse.com/security/cve/CVE-2019-10160 | external |
| https://bugzilla.suse.com/1138459 | external |
| https://www.suse.com/security/cve/CVE-2019-15903 | external |
| https://bugzilla.suse.com/1149429 | external |
| https://bugzilla.suse.com/1154738 | external |
| https://bugzilla.suse.com/1154806 | external |
| https://www.suse.com/security/cve/CVE-2019-16056 | external |
| https://bugzilla.suse.com/1149955 | external |
| https://www.suse.com/security/cve/CVE-2019-16935 | external |
| https://bugzilla.suse.com/1153238 | external |
| https://www.suse.com/security/cve/CVE-2019-5010 | external |
| https://bugzilla.suse.com/1122191 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://www.suse.com/security/cve/CVE-2019-9636 | external |
| https://bugzilla.suse.com/1129346 | external |
| https://bugzilla.suse.com/1135433 | external |
| https://bugzilla.suse.com/1138459 | external |
| https://bugzilla.suse.com/1145004 | external |
| https://www.suse.com/security/cve/CVE-2019-9947 | external |
| https://bugzilla.suse.com/1130840 | external |
| https://bugzilla.suse.com/1136184 | external |
| https://bugzilla.suse.com/1155094 | external |
| https://bugzilla.suse.com/1201559 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python3 to version 3.6.10 fixes the following issues:\n\n- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).\n- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).\n- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-86",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0086-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0086-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SRKGGFVSV7DDWCMAOSO6E3F66U2CF5XR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0086-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SRKGGFVSV7DDWCMAOSO6E3F66U2CF5XR/"
},
{
"category": "self",
"summary": "SUSE Bug 1027282",
"url": "https://bugzilla.suse.com/1027282"
},
{
"category": "self",
"summary": "SUSE Bug 1029377",
"url": "https://bugzilla.suse.com/1029377"
},
{
"category": "self",
"summary": "SUSE Bug 1029902",
"url": "https://bugzilla.suse.com/1029902"
},
{
"category": "self",
"summary": "SUSE Bug 1040164",
"url": "https://bugzilla.suse.com/1040164"
},
{
"category": "self",
"summary": "SUSE Bug 1042670",
"url": "https://bugzilla.suse.com/1042670"
},
{
"category": "self",
"summary": "SUSE Bug 1070853",
"url": "https://bugzilla.suse.com/1070853"
},
{
"category": "self",
"summary": "SUSE Bug 1079761",
"url": "https://bugzilla.suse.com/1079761"
},
{
"category": "self",
"summary": "SUSE Bug 1081750",
"url": "https://bugzilla.suse.com/1081750"
},
{
"category": "self",
"summary": "SUSE Bug 1083507",
"url": "https://bugzilla.suse.com/1083507"
},
{
"category": "self",
"summary": "SUSE Bug 1086001",
"url": "https://bugzilla.suse.com/1086001"
},
{
"category": "self",
"summary": "SUSE Bug 1088004",
"url": "https://bugzilla.suse.com/1088004"
},
{
"category": "self",
"summary": "SUSE Bug 1088009",
"url": "https://bugzilla.suse.com/1088009"
},
{
"category": "self",
"summary": "SUSE Bug 1088573",
"url": "https://bugzilla.suse.com/1088573"
},
{
"category": "self",
"summary": "SUSE Bug 1094814",
"url": "https://bugzilla.suse.com/1094814"
},
{
"category": "self",
"summary": "SUSE Bug 1107030",
"url": "https://bugzilla.suse.com/1107030"
},
{
"category": "self",
"summary": "SUSE Bug 1109663",
"url": "https://bugzilla.suse.com/1109663"
},
{
"category": "self",
"summary": "SUSE Bug 1109847",
"url": "https://bugzilla.suse.com/1109847"
},
{
"category": "self",
"summary": "SUSE Bug 1120644",
"url": "https://bugzilla.suse.com/1120644"
},
{
"category": "self",
"summary": "SUSE Bug 1122191",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "self",
"summary": "SUSE Bug 1129346",
"url": "https://bugzilla.suse.com/1129346"
},
{
"category": "self",
"summary": "SUSE Bug 1130840",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "self",
"summary": "SUSE Bug 1133452",
"url": "https://bugzilla.suse.com/1133452"
},
{
"category": "self",
"summary": "SUSE Bug 1137942",
"url": "https://bugzilla.suse.com/1137942"
},
{
"category": "self",
"summary": "SUSE Bug 1138459",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "self",
"summary": "SUSE Bug 1141853",
"url": "https://bugzilla.suse.com/1141853"
},
{
"category": "self",
"summary": "SUSE Bug 1149121",
"url": "https://bugzilla.suse.com/1149121"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE Bug 1149955",
"url": "https://bugzilla.suse.com/1149955"
},
{
"category": "self",
"summary": "SUSE Bug 1151490",
"url": "https://bugzilla.suse.com/1151490"
},
{
"category": "self",
"summary": "SUSE Bug 1153238",
"url": "https://bugzilla.suse.com/1153238"
},
{
"category": "self",
"summary": "SUSE Bug 1159035",
"url": "https://bugzilla.suse.com/1159035"
},
{
"category": "self",
"summary": "SUSE Bug 1159622",
"url": "https://bugzilla.suse.com/1159622"
},
{
"category": "self",
"summary": "SUSE Bug 637176",
"url": "https://bugzilla.suse.com/637176"
},
{
"category": "self",
"summary": "SUSE Bug 658604",
"url": "https://bugzilla.suse.com/658604"
},
{
"category": "self",
"summary": "SUSE Bug 673071",
"url": "https://bugzilla.suse.com/673071"
},
{
"category": "self",
"summary": "SUSE Bug 709442",
"url": "https://bugzilla.suse.com/709442"
},
{
"category": "self",
"summary": "SUSE Bug 743787",
"url": "https://bugzilla.suse.com/743787"
},
{
"category": "self",
"summary": "SUSE Bug 747125",
"url": "https://bugzilla.suse.com/747125"
},
{
"category": "self",
"summary": "SUSE Bug 751718",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "self",
"summary": "SUSE Bug 754447",
"url": "https://bugzilla.suse.com/754447"
},
{
"category": "self",
"summary": "SUSE Bug 754677",
"url": "https://bugzilla.suse.com/754677"
},
{
"category": "self",
"summary": "SUSE Bug 787526",
"url": "https://bugzilla.suse.com/787526"
},
{
"category": "self",
"summary": "SUSE Bug 809831",
"url": "https://bugzilla.suse.com/809831"
},
{
"category": "self",
"summary": "SUSE Bug 831629",
"url": "https://bugzilla.suse.com/831629"
},
{
"category": "self",
"summary": "SUSE Bug 834601",
"url": "https://bugzilla.suse.com/834601"
},
{
"category": "self",
"summary": "SUSE Bug 871152",
"url": "https://bugzilla.suse.com/871152"
},
{
"category": "self",
"summary": "SUSE Bug 885662",
"url": "https://bugzilla.suse.com/885662"
},
{
"category": "self",
"summary": "SUSE Bug 885882",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "self",
"summary": "SUSE Bug 917607",
"url": "https://bugzilla.suse.com/917607"
},
{
"category": "self",
"summary": "SUSE Bug 942751",
"url": "https://bugzilla.suse.com/942751"
},
{
"category": "self",
"summary": "SUSE Bug 951166",
"url": "https://bugzilla.suse.com/951166"
},
{
"category": "self",
"summary": "SUSE Bug 983582",
"url": "https://bugzilla.suse.com/983582"
},
{
"category": "self",
"summary": "SUSE Bug 984751",
"url": "https://bugzilla.suse.com/984751"
},
{
"category": "self",
"summary": "SUSE Bug 985177",
"url": "https://bugzilla.suse.com/985177"
},
{
"category": "self",
"summary": "SUSE Bug 985348",
"url": "https://bugzilla.suse.com/985348"
},
{
"category": "self",
"summary": "SUSE Bug 989523",
"url": "https://bugzilla.suse.com/989523"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3389 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4944 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0845 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1150 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1752 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4238 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-2667 page",
"url": "https://www.suse.com/security/cve/CVE-2014-2667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4650 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0772 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000110 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5636 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5699 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18207 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000802 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1060 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1061 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14647 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20406 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20852 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10160 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16056 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16935 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
}
],
"title": "Security update for python3",
"tracking": {
"current_release_date": "2020-01-21T15:12:01Z",
"generator": {
"date": "2020-01-21T15:12:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0086-1",
"initial_release_date": "2020-01-21T15:12:01Z",
"revision_history": [
{
"date": "2020-01-21T15:12:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"product_id": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-base-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-base-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-curses-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-curses-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-dbm-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-devel-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-devel-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-idle-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-idle-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-testsuite-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-tk-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-tk-3.6.10-lp151.6.7.1.i586"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.10-lp151.6.7.1.i586",
"product": {
"name": "python3-tools-3.6.10-lp151.6.7.1.i586",
"product_id": "python3-tools-3.6.10-lp151.6.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"product_id": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"product_id": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-32bit-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-base-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-base-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-curses-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-curses-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-dbm-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-devel-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-devel-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-idle-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-idle-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-tk-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-tk-3.6.10-lp151.6.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.10-lp151.6.7.1.x86_64",
"product": {
"name": "python3-tools-3.6.10-lp151.6.7.1.x86_64",
"product_id": "python3-tools-3.6.10-lp151.6.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-32bit-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-base-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-base-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-curses-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-curses-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-curses-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-curses-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-dbm-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-dbm-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-devel-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-devel-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-devel-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-devel-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-idle-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-idle-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-testsuite-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tk-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-tk-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tk-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-tk-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tools-3.6.10-lp151.6.7.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586"
},
"product_reference": "python3-tools-3.6.10-lp151.6.7.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tools-3.6.10-lp151.6.7.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
},
"product_reference": "python3-tools-3.6.10-lp151.6.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3389"
}
],
"notes": [
{
"category": "general",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3389",
"url": "https://www.suse.com/security/cve/CVE-2011-3389"
},
{
"category": "external",
"summary": "SUSE Bug 716002 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/716002"
},
{
"category": "external",
"summary": "SUSE Bug 719047 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/719047"
},
{
"category": "external",
"summary": "SUSE Bug 725167 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/725167"
},
{
"category": "external",
"summary": "SUSE Bug 726096 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/726096"
},
{
"category": "external",
"summary": "SUSE Bug 739248 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739248"
},
{
"category": "external",
"summary": "SUSE Bug 739256 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739256"
},
{
"category": "external",
"summary": "SUSE Bug 742306 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/742306"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 759666 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/759666"
},
{
"category": "external",
"summary": "SUSE Bug 763598 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/763598"
},
{
"category": "external",
"summary": "SUSE Bug 814655 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/814655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "low"
}
],
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2011-4944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4944"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4944",
"url": "https://www.suse.com/security/cve/CVE-2011-4944"
},
{
"category": "external",
"summary": "SUSE Bug 754447 for CVE-2011-4944",
"url": "https://bugzilla.suse.com/754447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "low"
}
],
"title": "CVE-2011-4944"
},
{
"cve": "CVE-2012-0845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0845"
}
],
"notes": [
{
"category": "general",
"text": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0845",
"url": "https://www.suse.com/security/cve/CVE-2012-0845"
},
{
"category": "external",
"summary": "SUSE Bug 747125 for CVE-2012-0845",
"url": "https://bugzilla.suse.com/747125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2012-0845"
},
{
"cve": "CVE-2012-1150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1150"
}
],
"notes": [
{
"category": "general",
"text": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1150",
"url": "https://www.suse.com/security/cve/CVE-2012-1150"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 755383 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/755383"
},
{
"category": "external",
"summary": "SUSE Bug 826682 for CVE-2012-1150",
"url": "https://bugzilla.suse.com/826682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2012-1150"
},
{
"cve": "CVE-2013-1752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1752"
}
],
"notes": [
{
"category": "general",
"text": "Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1752",
"url": "https://www.suse.com/security/cve/CVE-2013-1752"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-1752",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2013-1752"
},
{
"cve": "CVE-2013-4238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4238"
}
],
"notes": [
{
"category": "general",
"text": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4238",
"url": "https://www.suse.com/security/cve/CVE-2013-4238"
},
{
"category": "external",
"summary": "SUSE Bug 834601 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/834601"
},
{
"category": "external",
"summary": "SUSE Bug 839107 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/839107"
},
{
"category": "external",
"summary": "SUSE Bug 882915 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/882915"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2013-4238",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2013-4238"
},
{
"cve": "CVE-2014-2667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-2667"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-2667",
"url": "https://www.suse.com/security/cve/CVE-2014-2667"
},
{
"category": "external",
"summary": "SUSE Bug 871152 for CVE-2014-2667",
"url": "https://bugzilla.suse.com/871152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2014-2667"
},
{
"cve": "CVE-2014-4650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4650"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4650",
"url": "https://www.suse.com/security/cve/CVE-2014-4650"
},
{
"category": "external",
"summary": "SUSE Bug 856835 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856835"
},
{
"category": "external",
"summary": "SUSE Bug 856836 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/856836"
},
{
"category": "external",
"summary": "SUSE Bug 863741 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/863741"
},
{
"category": "external",
"summary": "SUSE Bug 885882 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/885882"
},
{
"category": "external",
"summary": "SUSE Bug 898572 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/898572"
},
{
"category": "external",
"summary": "SUSE Bug 912739 for CVE-2014-4650",
"url": "https://bugzilla.suse.com/912739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2014-4650"
},
{
"cve": "CVE-2016-0772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0772"
}
],
"notes": [
{
"category": "general",
"text": "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0772",
"url": "https://www.suse.com/security/cve/CVE-2016-0772"
},
{
"category": "external",
"summary": "SUSE Bug 984751 for CVE-2016-0772",
"url": "https://bugzilla.suse.com/984751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2016-0772"
},
{
"cve": "CVE-2016-1000110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000110"
}
],
"notes": [
{
"category": "general",
"text": "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000110",
"url": "https://www.suse.com/security/cve/CVE-2016-1000110"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 989523 for CVE-2016-1000110",
"url": "https://bugzilla.suse.com/989523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000110"
},
{
"cve": "CVE-2016-5636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5636"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5636",
"url": "https://www.suse.com/security/cve/CVE-2016-5636"
},
{
"category": "external",
"summary": "SUSE Bug 1065451 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/1065451"
},
{
"category": "external",
"summary": "SUSE Bug 1106262 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/1106262"
},
{
"category": "external",
"summary": "SUSE Bug 985177 for CVE-2016-5636",
"url": "https://bugzilla.suse.com/985177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2016-5636"
},
{
"cve": "CVE-2016-5699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5699"
}
],
"notes": [
{
"category": "general",
"text": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5699",
"url": "https://www.suse.com/security/cve/CVE-2016-5699"
},
{
"category": "external",
"summary": "SUSE Bug 1122729 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/1122729"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 985348 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/985348"
},
{
"category": "external",
"summary": "SUSE Bug 985351 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/985351"
},
{
"category": "external",
"summary": "SUSE Bug 986630 for CVE-2016-5699",
"url": "https://bugzilla.suse.com/986630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2016-5699"
},
{
"cve": "CVE-2017-18207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18207"
}
],
"notes": [
{
"category": "general",
"text": "The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18207",
"url": "https://www.suse.com/security/cve/CVE-2017-18207"
},
{
"category": "external",
"summary": "SUSE Bug 1083507 for CVE-2017-18207",
"url": "https://bugzilla.suse.com/1083507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2017-18207"
},
{
"cve": "CVE-2018-1000802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000802"
}
],
"notes": [
{
"category": "general",
"text": "Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000802",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802"
},
{
"category": "external",
"summary": "SUSE Bug 1109663 for CVE-2018-1000802",
"url": "https://bugzilla.suse.com/1109663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000802"
},
{
"cve": "CVE-2018-1060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1060"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1060",
"url": "https://www.suse.com/security/cve/CVE-2018-1060"
},
{
"category": "external",
"summary": "SUSE Bug 1088009 for CVE-2018-1060",
"url": "https://bugzilla.suse.com/1088009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "low"
}
],
"title": "CVE-2018-1060"
},
{
"cve": "CVE-2018-1061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1061"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1061",
"url": "https://www.suse.com/security/cve/CVE-2018-1061"
},
{
"category": "external",
"summary": "SUSE Bug 1088004 for CVE-2018-1061",
"url": "https://bugzilla.suse.com/1088004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "low"
}
],
"title": "CVE-2018-1061"
},
{
"cve": "CVE-2018-14647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14647"
}
],
"notes": [
{
"category": "general",
"text": "Python\u0027s elementtree C accelerator failed to initialise Expat\u0027s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat\u0027s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14647",
"url": "https://www.suse.com/security/cve/CVE-2018-14647"
},
{
"category": "external",
"summary": "SUSE Bug 1109847 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1109847"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-14647",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-14647"
},
{
"cve": "CVE-2018-20406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20406"
}
],
"notes": [
{
"category": "general",
"text": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20406",
"url": "https://www.suse.com/security/cve/CVE-2018-20406"
},
{
"category": "external",
"summary": "SUSE Bug 1120644 for CVE-2018-20406",
"url": "https://bugzilla.suse.com/1120644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-20406"
},
{
"cve": "CVE-2018-20852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20852"
}
],
"notes": [
{
"category": "general",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20852",
"url": "https://www.suse.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "SUSE Bug 1141853 for CVE-2018-20852",
"url": "https://bugzilla.suse.com/1141853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-20852"
},
{
"cve": "CVE-2019-10160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10160"
}
],
"notes": [
{
"category": "general",
"text": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10160",
"url": "https://www.suse.com/security/cve/CVE-2019-10160"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-10160",
"url": "https://bugzilla.suse.com/1138459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "important"
}
],
"title": "CVE-2019-10160"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-16056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16056"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16056",
"url": "https://www.suse.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "SUSE Bug 1149955 for CVE-2019-16056",
"url": "https://bugzilla.suse.com/1149955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-16056"
},
{
"cve": "CVE-2019-16935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16935"
}
],
"notes": [
{
"category": "general",
"text": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16935",
"url": "https://www.suse.com/security/cve/CVE-2019-16935"
},
{
"category": "external",
"summary": "SUSE Bug 1153238 for CVE-2019-16935",
"url": "https://bugzilla.suse.com/1153238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-16935"
},
{
"cve": "CVE-2019-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5010"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5010",
"url": "https://www.suse.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1122191 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-9636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9636"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9636",
"url": "https://www.suse.com/security/cve/CVE-2019-9636"
},
{
"category": "external",
"summary": "SUSE Bug 1129346 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1129346"
},
{
"category": "external",
"summary": "SUSE Bug 1135433 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1135433"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "external",
"summary": "SUSE Bug 1145004 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1145004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-9636"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-base-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-base-32bit-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-curses-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-dbm-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-devel-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-idle-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-testsuite-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tk-3.6.10-lp151.6.7.1.x86_64",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.i586",
"openSUSE Leap 15.1:python3-tools-3.6.10-lp151.6.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-21T15:12:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
}
]
}
OPENSUSE-SU-2024:10194-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
fetchmail-6.3.26-13.4 on GA media
Severity
Moderate
Notes
Title of the patch: fetchmail-6.3.26-13.4 on GA media
Description of the patch: These are all security issues fixed in the fetchmail-6.3.26-13.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10194
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
27 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2009-2666/ | self |
| https://www.suse.com/security/cve/CVE-2010-1167/ | self |
| https://www.suse.com/security/cve/CVE-2011-1947/ | self |
| https://www.suse.com/security/cve/CVE-2011-3389/ | self |
| https://www.suse.com/security/cve/CVE-2012-3482/ | self |
| https://www.suse.com/security/cve/CVE-2009-2666 | external |
| https://bugzilla.suse.com/528746 | external |
| https://www.suse.com/security/cve/CVE-2010-1167 | external |
| https://bugzilla.suse.com/597673 | external |
| https://www.suse.com/security/cve/CVE-2011-1947 | external |
| https://bugzilla.suse.com/697368 | external |
| https://www.suse.com/security/cve/CVE-2011-3389 | external |
| https://bugzilla.suse.com/716002 | external |
| https://bugzilla.suse.com/719047 | external |
| https://bugzilla.suse.com/725167 | external |
| https://bugzilla.suse.com/726096 | external |
| https://bugzilla.suse.com/739248 | external |
| https://bugzilla.suse.com/739256 | external |
| https://bugzilla.suse.com/742306 | external |
| https://bugzilla.suse.com/751718 | external |
| https://bugzilla.suse.com/759666 | external |
| https://bugzilla.suse.com/763598 | external |
| https://bugzilla.suse.com/814655 | external |
| https://www.suse.com/security/cve/CVE-2012-3482 | external |
| https://bugzilla.suse.com/775988 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "fetchmail-6.3.26-13.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the fetchmail-6.3.26-13.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10194",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10194-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2666 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-1167 page",
"url": "https://www.suse.com/security/cve/CVE-2010-1167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1947 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3389 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3482 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3482/"
}
],
"title": "fetchmail-6.3.26-13.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10194-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.3.26-13.4.aarch64",
"product": {
"name": "fetchmail-6.3.26-13.4.aarch64",
"product_id": "fetchmail-6.3.26-13.4.aarch64"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.3.26-13.4.aarch64",
"product": {
"name": "fetchmailconf-6.3.26-13.4.aarch64",
"product_id": "fetchmailconf-6.3.26-13.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.3.26-13.4.ppc64le",
"product": {
"name": "fetchmail-6.3.26-13.4.ppc64le",
"product_id": "fetchmail-6.3.26-13.4.ppc64le"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.3.26-13.4.ppc64le",
"product": {
"name": "fetchmailconf-6.3.26-13.4.ppc64le",
"product_id": "fetchmailconf-6.3.26-13.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.3.26-13.4.s390x",
"product": {
"name": "fetchmail-6.3.26-13.4.s390x",
"product_id": "fetchmail-6.3.26-13.4.s390x"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.3.26-13.4.s390x",
"product": {
"name": "fetchmailconf-6.3.26-13.4.s390x",
"product_id": "fetchmailconf-6.3.26-13.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.3.26-13.4.x86_64",
"product": {
"name": "fetchmail-6.3.26-13.4.x86_64",
"product_id": "fetchmail-6.3.26-13.4.x86_64"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.3.26-13.4.x86_64",
"product": {
"name": "fetchmailconf-6.3.26-13.4.x86_64",
"product_id": "fetchmailconf-6.3.26-13.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.3.26-13.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64"
},
"product_reference": "fetchmail-6.3.26-13.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.3.26-13.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le"
},
"product_reference": "fetchmail-6.3.26-13.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.3.26-13.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x"
},
"product_reference": "fetchmail-6.3.26-13.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.3.26-13.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64"
},
"product_reference": "fetchmail-6.3.26-13.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.3.26-13.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64"
},
"product_reference": "fetchmailconf-6.3.26-13.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.3.26-13.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le"
},
"product_reference": "fetchmailconf-6.3.26-13.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.3.26-13.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x"
},
"product_reference": "fetchmailconf-6.3.26-13.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.3.26-13.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
},
"product_reference": "fetchmailconf-6.3.26-13.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2666"
}
],
"notes": [
{
"category": "general",
"text": "socket.c in fetchmail before 6.3.11 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2666",
"url": "https://www.suse.com/security/cve/CVE-2009-2666"
},
{
"category": "external",
"summary": "SUSE Bug 528746 for CVE-2009-2666",
"url": "https://bugzilla.suse.com/528746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-2666"
},
{
"cve": "CVE-2010-1167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-1167"
}
],
"notes": [
{
"category": "general",
"text": "fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-1167",
"url": "https://www.suse.com/security/cve/CVE-2010-1167"
},
{
"category": "external",
"summary": "SUSE Bug 597673 for CVE-2010-1167",
"url": "https://bugzilla.suse.com/597673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2010-1167"
},
{
"cve": "CVE-2011-1947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1947"
}
],
"notes": [
{
"category": "general",
"text": "fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1947",
"url": "https://www.suse.com/security/cve/CVE-2011-1947"
},
{
"category": "external",
"summary": "SUSE Bug 697368 for CVE-2011-1947",
"url": "https://bugzilla.suse.com/697368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1947"
},
{
"cve": "CVE-2011-3389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3389"
}
],
"notes": [
{
"category": "general",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3389",
"url": "https://www.suse.com/security/cve/CVE-2011-3389"
},
{
"category": "external",
"summary": "SUSE Bug 716002 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/716002"
},
{
"category": "external",
"summary": "SUSE Bug 719047 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/719047"
},
{
"category": "external",
"summary": "SUSE Bug 725167 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/725167"
},
{
"category": "external",
"summary": "SUSE Bug 726096 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/726096"
},
{
"category": "external",
"summary": "SUSE Bug 739248 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739248"
},
{
"category": "external",
"summary": "SUSE Bug 739256 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/739256"
},
{
"category": "external",
"summary": "SUSE Bug 742306 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/742306"
},
{
"category": "external",
"summary": "SUSE Bug 751718 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/751718"
},
{
"category": "external",
"summary": "SUSE Bug 759666 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/759666"
},
{
"category": "external",
"summary": "SUSE Bug 763598 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/763598"
},
{
"category": "external",
"summary": "SUSE Bug 814655 for CVE-2011-3389",
"url": "https://bugzilla.suse.com/814655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2012-3482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3482"
}
],
"notes": [
{
"category": "general",
"text": "Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3482",
"url": "https://www.suse.com/security/cve/CVE-2012-3482"
},
{
"category": "external",
"summary": "SUSE Bug 775988 for CVE-2012-3482",
"url": "https://bugzilla.suse.com/775988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmail-6.3.26-13.4.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.3.26-13.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-3482"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…