Vulnerability-Lookup

CVE-2019-12900 (GCVE-0-2019-12900)

Vulnerability from cvelistv5 – Published: 2019-06-19 22:07 – Updated: 2025-06-09 15:57

Summary

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-787 - Out-of-bounds Write

Assigner

mitre

References

23 references

URL	Tags
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4038-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4038-1/	vendor-advisoryx_refsource_UBUNTU
https://seclists.org/bugtraq/2019/Jul/22	mailing-listx_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-S…	vendor-advisoryx_refsource_FREEBSD
https://seclists.org/bugtraq/2019/Aug/4	mailing-listx_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4146-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4146-2/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.apache.org/thread.html/ra0adb9653c7…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
http://packetstormsecurity.com/files/153644/Slack…	x_refsource_MISC
http://packetstormsecurity.com/files/153957/FreeB…	x_refsource_MISC
https://gitlab.com/federicomenaquintero/bzip2/com…	x_refsource_MISC
https://support.f5.com/csp/article/K68713584?utm_…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/rda983056694…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rce8cd8c30f6…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:32:55.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
          },
          {
            "name": "USN-4038-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4038-2/"
          },
          {
            "name": "USN-4038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4038-1/"
          },
          {
            "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/22"
          },
          {
            "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2019:1781",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
          },
          {
            "name": "FreeBSD-SA-19:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
          },
          {
            "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/4"
          },
          {
            "name": "openSUSE-SU-2019:1918",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
          },
          {
            "name": "USN-4146-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4146-1/"
          },
          {
            "name": "USN-4146-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4146-2/"
          },
          {
            "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
          },
          {
            "name": "openSUSE-SU-2019:2595",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2019:2597",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
          },
          {
            "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
          },
          {
            "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-12900",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:54:12.653578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:57:25.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-17T13:06:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
        },
        {
          "name": "USN-4038-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4038-2/"
        },
        {
          "name": "USN-4038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4038-1/"
        },
        {
          "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/22"
        },
        {
          "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2019:1781",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
        },
        {
          "name": "FreeBSD-SA-19:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
        },
        {
          "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/4"
        },
        {
          "name": "openSUSE-SU-2019:1918",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
        },
        {
          "name": "USN-4146-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4146-1/"
        },
        {
          "name": "USN-4146-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4146-2/"
        },
        {
          "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
        },
        {
          "name": "openSUSE-SU-2019:2595",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2019:2597",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
        },
        {
          "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
        },
        {
          "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12900",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
            },
            {
              "name": "USN-4038-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4038-2/"
            },
            {
              "name": "USN-4038-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4038-1/"
            },
            {
              "name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/22"
            },
            {
              "name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1781",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
            },
            {
              "name": "FreeBSD-SA-19:18",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
            },
            {
              "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/4"
            },
            {
              "name": "openSUSE-SU-2019:1918",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
            },
            {
              "name": "USN-4146-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4146-1/"
            },
            {
              "name": "USN-4146-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4146-2/"
            },
            {
              "name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
            },
            {
              "name": "openSUSE-SU-2019:2595",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2019:2597",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
            },
            {
              "name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
            },
            {
              "name": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc",
              "refsource": "MISC",
              "url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
            },
            {
              "name": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12900",
    "datePublished": "2019-06-19T22:07:57.000Z",
    "dateReserved": "2019-06-19T00:00:00.000Z",
    "dateUpdated": "2025-06-09T15:57:25.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-12900",
      "date": "2026-06-03",
      "epss": "0.01111",
      "percentile": "0.78478"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-12900\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-19T23:15:09.910\",\"lastModified\":\"2025-06-09T16:15:29.623\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de l\u00edmites cuando hay muchos selectores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.6\",\"matchCriteriaId\":\"F1DF1F35-B07F-44DD-9B74-57B0CA6DC59C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ACD1D8D-B3BC-4E99-B846-90A4071DB87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8A5CDA-E099-47BA-A0C0-2F79C0432156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"63721E89-F453-423F-B34B-07B44C85A052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"699FE432-8DF0-49F1-A98B-0E19CE01E5CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B06752-39EE-4600-AC1F-69FB9C88E2A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E86CD544-86C4-4D9D-9CE5-087027509EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E47AE7-BB45-428E-90E9-38BFDFF23650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"586B9FA3-65A2-41EB-A848-E4A75565F0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"1164B48E-2F28-43C5-9B7B-546EAE12E27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0B15B89-3AD2-4E03-9F47-DA934702187B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"878DF67E-420A-4229-BEA8-DB9F7161ED9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35957CE-AF9F-40CA-BDD1-FA6A0E73783F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA929713-B797-494A-853D-C121D9D69519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1AD57A9-F53A-4E40-966E-F2F50852C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4029113-130F-4A33-A8A0-BC3E74000378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"46C5A6FD-7BBF-4E84-9895-8EE14DC846E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D71D083-3279-4DF4-91E1-38C373DD062F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"882669AB-BCFC-4517-A3E9-33D344F1ED0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC3D24FB-50A2-4E37-A479-AF21F8ECD706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"3070787D-76E1-4671-B99D-213F7103B3A2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7.0\",\"versionEndExcluding\":\"3.7.13\",\"matchCriteriaId\":\"0F9F989B-EEF4-44E0-8EC5-A6D109CB582A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8.0\",\"versionEndExcluding\":\"3.8.13\",\"matchCriteriaId\":\"A92B327D-75B5-4273-A454-428BC194C4A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.9.0\",\"versionEndExcluding\":\"3.9.11\",\"matchCriteriaId\":\"1D93AE49-9E53-433F-AB01-A18C81CCEAED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.10.0\",\"versionEndExcluding\":\"3.10.3\",\"matchCriteriaId\":\"492C0F52-2AE3-427B-87E6-8A2E701F744A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jul/22\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4038-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4038-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4146-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4146-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jul/22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4038-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4038-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4146-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4146-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html\", \"name\": \"[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4038-2/\", \"name\": \"USN-4038-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4038-1/\", \"name\": \"USN-4038-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jul/22\", \"name\": \"20190715 [slackware-security] bzip2 (SSA:2019-195-01)\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html\", \"name\": \"[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html\", \"name\": \"openSUSE-SU-2019:1781\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc\", \"name\": \"FreeBSD-SA-19:18\", \"tags\": [\"vendor-advisory\", \"x_refsource_FREEBSD\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/4\", \"name\": \"20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html\", \"name\": \"openSUSE-SU-2019:1918\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4146-1/\", \"name\": \"USN-4146-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4146-2/\", \"name\": \"USN-4146-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html\", \"name\": \"[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html\", \"name\": \"[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\", \"name\": \"openSUSE-SU-2019:2595\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\", \"name\": \"openSUSE-SU-2019:2597\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E\", \"name\": \"[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E\", \"name\": \"[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T23:32:55.554Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-12900\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-09T15:54:12.653578Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-09T15:53:49.764Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html\", \"name\": \"[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://usn.ubuntu.com/4038-2/\", \"name\": \"USN-4038-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://usn.ubuntu.com/4038-1/\", \"name\": \"USN-4038-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jul/22\", \"name\": \"20190715 [slackware-security] bzip2 (SSA:2019-195-01)\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html\", \"name\": \"[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html\", \"name\": \"openSUSE-SU-2019:1781\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc\", \"name\": \"FreeBSD-SA-19:18\", \"tags\": [\"vendor-advisory\", \"x_refsource_FREEBSD\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/4\", \"name\": \"20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html\", \"name\": \"openSUSE-SU-2019:1918\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://usn.ubuntu.com/4146-1/\", \"name\": \"USN-4146-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://usn.ubuntu.com/4146-2/\", \"name\": \"USN-4146-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html\", \"name\": \"[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html\", \"name\": \"[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\", \"name\": \"openSUSE-SU-2019:2595\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\", \"name\": \"openSUSE-SU-2019:2597\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E\", \"name\": \"[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E\", \"name\": \"[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-07-17T13:06:11.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html\", \"name\": \"[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://usn.ubuntu.com/4038-2/\", \"name\": \"USN-4038-2\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://usn.ubuntu.com/4038-1/\", \"name\": \"USN-4038-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Jul/22\", \"name\": \"20190715 [slackware-security] bzip2 (SSA:2019-195-01)\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html\", \"name\": \"[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html\", \"name\": \"openSUSE-SU-2019:1781\", \"refsource\": \"SUSE\"}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc\", \"name\": \"FreeBSD-SA-19:18\", \"refsource\": \"FREEBSD\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/4\", \"name\": \"20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html\", \"name\": \"openSUSE-SU-2019:1918\", \"refsource\": \"SUSE\"}, {\"url\": \"https://usn.ubuntu.com/4146-1/\", \"name\": \"USN-4146-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://usn.ubuntu.com/4146-2/\", \"name\": \"USN-4146-2\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html\", \"name\": \"[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html\", \"name\": \"[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\", \"name\": \"openSUSE-SU-2019:2595\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\", \"name\": \"openSUSE-SU-2019:2597\", \"refsource\": \"SUSE\"}, {\"url\": \"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html\", \"name\": \"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html\", \"name\": \"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc\", \"name\": \"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS\", \"name\": \"https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E\", \"name\": \"[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E\", \"name\": \"[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni\", \"refsource\": \"MLIST\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-12900\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-12900\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-09T15:57:25.396Z\", \"dateReserved\": \"2019-06-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-06-19T22:07:57.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

SUSE-SU-2020:3729-1

Vulnerability from csaf_suse - Published: 2020-12-09 13:44 - Updated: 2020-12-09 13:44

Summary

Security update for clamav

Severity

Important

Notes

Title of the patch: Security update for clamav

Description of the patch: This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * Fix freshclam crash in FIPS mode. (bsc#1119353) Update to version 0.102.4: Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) - Increase the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed. (bsc#1151839)

Patchnames: SUSE-2020-3729,SUSE-SLE-SERVER-12-SP5-2020-3729

CVE-2019-12625

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-12900

8.4 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-15961

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3123

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3341

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3350

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-3481

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

References

42 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1118459	self
https://bugzilla.suse.com/1119353	self
https://bugzilla.suse.com/1144504	self
https://bugzilla.suse.com/1149458	self
https://bugzilla.suse.com/1151839	self
https://bugzilla.suse.com/1157763	self
https://bugzilla.suse.com/1171981	self
https://bugzilla.suse.com/1174250	self
https://bugzilla.suse.com/1174255	self
https://www.suse.com/security/cve/CVE-2019-12625/	self
https://www.suse.com/security/cve/CVE-2019-12900/	self
https://www.suse.com/security/cve/CVE-2019-15961/	self
https://www.suse.com/security/cve/CVE-2020-3123/	self
https://www.suse.com/security/cve/CVE-2020-3327/	self
https://www.suse.com/security/cve/CVE-2020-3341/	self
https://www.suse.com/security/cve/CVE-2020-3350/	self
https://www.suse.com/security/cve/CVE-2020-3481/	self
https://www.suse.com/security/cve/CVE-2019-12625	external
https://bugzilla.suse.com/1144504	external
https://www.suse.com/security/cve/CVE-2019-12900	external
https://bugzilla.suse.com/1139083	external
https://bugzilla.suse.com/1141513	external
https://bugzilla.suse.com/1149458	external
https://www.suse.com/security/cve/CVE-2019-15961	external
https://bugzilla.suse.com/1157763	external
https://bugzilla.suse.com/1180082	external
https://www.suse.com/security/cve/CVE-2020-3123	external
https://bugzilla.suse.com/1162921	external
https://www.suse.com/security/cve/CVE-2020-3327	external
https://bugzilla.suse.com/1171980	external
https://bugzilla.suse.com/1174250	external
https://www.suse.com/security/cve/CVE-2020-3341	external
https://bugzilla.suse.com/1171981	external
https://www.suse.com/security/cve/CVE-2020-3350	external
https://bugzilla.suse.com/1174250	external
https://bugzilla.suse.com/1174255	external
https://www.suse.com/security/cve/CVE-2020-3481	external
https://bugzilla.suse.com/1174250	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for clamav",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for clamav fixes the following issues:\n\nclamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459.\n\n* clamd can now reload the signature database without blocking\n  scanning. This multi-threaded database reload improvement was made\n  possible thanks to a community effort.\n  - Non-blocking database reloads are now the default behavior. Some\n    systems that are more constrained on RAM may need to disable\n    non-blocking reloads as it will temporarily consume two times as\n    much memory. We added a new clamd config option\n    ConcurrentDatabaseReload, which may be set to no.\n* Fix clamav-milter.service (requires clamd.service to run)\n* Fix freshclam crash in FIPS mode. (bsc#1119353)\n\nUpdate to version 0.102.4:\n\nAccumulated security fixes:\n\n* CVE-2020-3350: Fix a vulnerability wherein a malicious user could\n  replace a scan target\u0027s directory with a symlink to another path\n  to trick clamscan, clamdscan, or clamonacc into removing or moving\n  a different file (eg. a critical system file). The issue would\n  affect users that use the --move or --remove options for clamscan,\n  clamdscan, and clamonacc. (bsc#1174255)\n* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing\n  module in ClamAV 0.102.3 that could cause a Denial-of-Service\n  (DoS) condition. Improper bounds checking results in an\n  out-of-bounds read which could cause a crash. The previous fix for\n  this CVE in 0.102.3 was incomplete. This fix correctly resolves\n  the issue.\n* CVE-2020-3481: Fix a vulnerability in the EGG archive module in\n  ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)\n  condition. Improper error handling may result in a crash due to a\n  NULL pointer dereference. This vulnerability is mitigated for\n  those using the official ClamAV signature databases because the\n  file type signatures in daily.cvd will not enable the EGG archive\n  parser in versions affected by the vulnerability. (bsc#1174250)\n* CVE-2020-3341: Fix a vulnerability in the PDF parsing module in\n  ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)\n  condition. Improper size checking of a buffer used to initialize AES\n  decryption routines results in an out-of-bounds read which may cause\n  a crash. (bsc#1171981)\n* CVE-2020-3123: A denial-of-service (DoS) condition may occur when\n  using the optional credit card data-loss-prevention (DLP) feature.\n  Improper bounds checking of an unsigned variable resulted in an\n  out-of-bounds read, which causes a crash.\n* CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may\n  occur when scanning a specially crafted email file as a result\n  of excessively long scan times. The issue is resolved by\n  implementing several maximums in parsing MIME messages and by\n  optimizing use of memory allocation. (bsc#1157763).\n* CVE-2019-12900: An out of bounds write in the NSIS bzip2\n  (bsc#1149458)\n* CVE-2019-12625: Introduce a configurable time limit to mitigate\n  zip bomb vulnerability completely. Default is 2 minutes,\n  configurable useing the clamscan --max-scantime and for clamd\n  using the MaxScanTime config option (bsc#1144504)\n\n- Increase the startup timeout of clamd to 5 minutes\n  to cater for the grown virus database as a workaround until\n  clamd has learned to talk to systemd to extend the timeout as\n  long as needed. (bsc#1151839)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3729,SUSE-SLE-SERVER-12-SP5-2020-3729",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3729-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3729-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203729-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3729-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007946.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118459",
        "url": "https://bugzilla.suse.com/1118459"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119353",
        "url": "https://bugzilla.suse.com/1119353"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1144504",
        "url": "https://bugzilla.suse.com/1144504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149458",
        "url": "https://bugzilla.suse.com/1149458"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1151839",
        "url": "https://bugzilla.suse.com/1151839"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157763",
        "url": "https://bugzilla.suse.com/1157763"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171981",
        "url": "https://bugzilla.suse.com/1171981"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174250",
        "url": "https://bugzilla.suse.com/1174250"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174255",
        "url": "https://bugzilla.suse.com/1174255"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12625 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12625/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12900 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15961 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15961/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3123 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3123/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3327 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3327/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3341 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3341/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3350 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3350/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3481 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3481/"
      }
    ],
    "title": "Security update for clamav",
    "tracking": {
      "current_release_date": "2020-12-09T13:44:57Z",
      "generator": {
        "date": "2020-12-09T13:44:57Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3729-1",
      "initial_release_date": "2020-12-09T13:44:57Z",
      "revision_history": [
        {
          "date": "2020-12-09T13:44:57Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.3.1.aarch64",
                "product": {
                  "name": "clamav-0.103.0-3.3.1.aarch64",
                  "product_id": "clamav-0.103.0-3.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.3.1.i586",
                "product": {
                  "name": "clamav-0.103.0-3.3.1.i586",
                  "product_id": "clamav-0.103.0-3.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.3.1.ppc64le",
                "product": {
                  "name": "clamav-0.103.0-3.3.1.ppc64le",
                  "product_id": "clamav-0.103.0-3.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.3.1.s390",
                "product": {
                  "name": "clamav-0.103.0-3.3.1.s390",
                  "product_id": "clamav-0.103.0-3.3.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.3.1.s390x",
                "product": {
                  "name": "clamav-0.103.0-3.3.1.s390x",
                  "product_id": "clamav-0.103.0-3.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.3.1.x86_64",
                "product": {
                  "name": "clamav-0.103.0-3.3.1.x86_64",
                  "product_id": "clamav-0.103.0-3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64"
        },
        "product_reference": "clamav-0.103.0-3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x"
        },
        "product_reference": "clamav-0.103.0-3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64"
        },
        "product_reference": "clamav-0.103.0-3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x"
        },
        "product_reference": "clamav-0.103.0-3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12625",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12625"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12625",
          "url": "https://www.suse.com/security/cve/CVE-2019-12625"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1144504 for CVE-2019-12625",
          "url": "https://bugzilla.suse.com/1144504"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12625"
    },
    {
      "cve": "CVE-2019-12900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12900",
          "url": "https://www.suse.com/security/cve/CVE-2019-12900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1139083 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1139083"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141513 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1141513"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149458 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1149458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12900"
    },
    {
      "cve": "CVE-2019-15961",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15961"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15961",
          "url": "https://www.suse.com/security/cve/CVE-2019-15961"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157763 for CVE-2019-15961",
          "url": "https://bugzilla.suse.com/1157763"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180082 for CVE-2019-15961",
          "url": "https://bugzilla.suse.com/1180082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-15961"
    },
    {
      "cve": "CVE-2020-3123",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3123"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3123",
          "url": "https://www.suse.com/security/cve/CVE-2020-3123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1162921 for CVE-2020-3123",
          "url": "https://bugzilla.suse.com/1162921"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3123"
    },
    {
      "cve": "CVE-2020-3327",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3327"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3327",
          "url": "https://www.suse.com/security/cve/CVE-2020-3327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171980 for CVE-2020-3327",
          "url": "https://bugzilla.suse.com/1171980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3327",
          "url": "https://bugzilla.suse.com/1174250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3327"
    },
    {
      "cve": "CVE-2020-3341",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3341"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3341",
          "url": "https://www.suse.com/security/cve/CVE-2020-3341"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171981 for CVE-2020-3341",
          "url": "https://bugzilla.suse.com/1171981"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3341"
    },
    {
      "cve": "CVE-2020-3350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3350",
          "url": "https://www.suse.com/security/cve/CVE-2020-3350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3350",
          "url": "https://bugzilla.suse.com/1174250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174255 for CVE-2020-3350",
          "url": "https://bugzilla.suse.com/1174255"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-3350"
    },
    {
      "cve": "CVE-2020-3481",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3481"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3481",
          "url": "https://www.suse.com/security/cve/CVE-2020-3481"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3481",
          "url": "https://bugzilla.suse.com/1174250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.0-3.3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.0-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-09T13:44:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3481"
    }
  ]
}

SUSE-SU-2020:3790-1

Vulnerability from csaf_suse - Published: 2020-12-14 14:01 - Updated: 2020-12-14 14:01

Summary

Security update for clamav

Severity

Moderate

Notes

Title of the patch: Security update for clamav

Description of the patch: This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. (jsc#ECO-3010,bsc#1118459) Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) Update to 0.102.4 * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. Update to 0.102.3 * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. * Fix 'Attempt to allocate 0 bytes' error when parsing some PDF documents. * Fix a couple of minor memory leaks. * Updated libclamunrar to UnRAR 5.9.2. Update to 0.102.2: * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * Significantly improved the scan speed of PDF files on Windows. * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file. * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections. * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals. * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit. * Fix for freshclam's OnOutdatedExecute config option. * Fixes a memory leak in the error condition handling for the email parser. * Improved bound checking and error handling in ARJ archive parser. * Improved error handling in PDF parser. * Fix for memory leak in byte-compare signature handler. - The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start) Update to 0.102.1: * CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the --gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs. Update to 0.102.0: * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API. - created new subpackage libfreshclam2 Update to 0.101.4: * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * bsc#1144504: ZIP bomb causes extreme CPU spikes Update to version 0.101.2 (bsc#1130721) * CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. * CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. * CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. * CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. * CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. * CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives.

Patchnames: SUSE-2020-3790,SUSE-SLE-Module-Basesystem-15-SP1-2020-3790,SUSE-SLE-Module-Basesystem-15-SP2-2020-3790

CVE-2019-12625

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-12900

8.4 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-15961

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-1785

4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2019-1786

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-1787

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-1788

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-1789

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-1798

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3123

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3341

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3350

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-3481

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64	—	Vendor Fix

Threats

Impact important

References

60 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1104457	self
https://bugzilla.suse.com/1118459	self
https://bugzilla.suse.com/1130721	self
https://bugzilla.suse.com/1144504	self
https://bugzilla.suse.com/1149458	self
https://bugzilla.suse.com/1157763	self
https://www.suse.com/security/cve/CVE-2019-12625/	self
https://www.suse.com/security/cve/CVE-2019-12900/	self
https://www.suse.com/security/cve/CVE-2019-15961/	self
https://www.suse.com/security/cve/CVE-2019-1785/	self
https://www.suse.com/security/cve/CVE-2019-1786/	self
https://www.suse.com/security/cve/CVE-2019-1787/	self
https://www.suse.com/security/cve/CVE-2019-1788/	self
https://www.suse.com/security/cve/CVE-2019-1789/	self
https://www.suse.com/security/cve/CVE-2019-1798/	self
https://www.suse.com/security/cve/CVE-2020-3123/	self
https://www.suse.com/security/cve/CVE-2020-3327/	self
https://www.suse.com/security/cve/CVE-2020-3341/	self
https://www.suse.com/security/cve/CVE-2020-3350/	self
https://www.suse.com/security/cve/CVE-2020-3481/	self
https://www.suse.com/security/cve/CVE-2019-12625	external
https://bugzilla.suse.com/1144504	external
https://www.suse.com/security/cve/CVE-2019-12900	external
https://bugzilla.suse.com/1139083	external
https://bugzilla.suse.com/1141513	external
https://bugzilla.suse.com/1149458	external
https://www.suse.com/security/cve/CVE-2019-15961	external
https://bugzilla.suse.com/1157763	external
https://bugzilla.suse.com/1180082	external
https://www.suse.com/security/cve/CVE-2019-1785	external
https://bugzilla.suse.com/1130721	external
https://bugzilla.suse.com/1137508	external
https://www.suse.com/security/cve/CVE-2019-1786	external
https://bugzilla.suse.com/1130721	external
https://bugzilla.suse.com/1137510	external
https://www.suse.com/security/cve/CVE-2019-1787	external
https://bugzilla.suse.com/1130721	external
https://www.suse.com/security/cve/CVE-2019-1788	external
https://bugzilla.suse.com/1130721	external
https://www.suse.com/security/cve/CVE-2019-1789	external
https://bugzilla.suse.com/1130721	external
https://www.suse.com/security/cve/CVE-2019-1798	external
https://bugzilla.suse.com/1130721	external
https://bugzilla.suse.com/1137513	external
https://www.suse.com/security/cve/CVE-2020-3123	external
https://bugzilla.suse.com/1162921	external
https://www.suse.com/security/cve/CVE-2020-3327	external
https://bugzilla.suse.com/1171980	external
https://bugzilla.suse.com/1174250	external
https://www.suse.com/security/cve/CVE-2020-3341	external
https://bugzilla.suse.com/1171981	external
https://www.suse.com/security/cve/CVE-2020-3350	external
https://bugzilla.suse.com/1174250	external
https://bugzilla.suse.com/1174255	external
https://www.suse.com/security/cve/CVE-2020-3481	external
https://bugzilla.suse.com/1174250	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for clamav",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for clamav fixes the following issues:\n\nclamav was updated to the new major release 0.103.0. (jsc#ECO-3010,bsc#1118459)\n\nNote that libclamav was changed incompatible, if you have a 3rd party\napplication that uses libclamav, it needs to be rebuilt.\n\nUpdate to 0.103.0\n\n* clamd can now reload the signature database without blocking\n  scanning. This multi-threaded database reload improvement was made\n  possible thanks to a community effort.\n\n  - Non-blocking database reloads are now the default behavior. Some\n    systems that are more constrained on RAM may need to disable\n    non-blocking reloads as it will temporarily consume two times as\n     much memory. We added a new clamd config option\n    ConcurrentDatabaseReload, which may be set to no.\n\n  * Fix clamav-milter.service (requires clamd.service to run)\n\nUpdate to 0.102.4\n\n  * CVE-2020-3350: Fix a vulnerability wherein a malicious user could\n    replace a scan target\u0027s directory with a symlink to another path\n    to trick clamscan, clamdscan, or clamonacc into removing or moving\n    a different file (eg. a critical system file). The issue would\n    affect users that use the --move or --remove options for clamscan,\n    clamdscan, and clamonacc.\n  * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing\n    module in ClamAV 0.102.3 that could cause a Denial-of-Service\n    (DoS) condition. Improper bounds checking results in an\n    out-of-bounds read which could cause a crash. The previous fix for\n    this CVE in 0.102.3 was incomplete. This fix correctly resolves\n    the issue.\n  * CVE-2020-3481: Fix a vulnerability in the EGG archive module in\n    ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)\n    condition. Improper error handling may result in a crash due to a\n    NULL pointer dereference. This vulnerability is mitigated for\n    those using the official ClamAV signature databases because the\n    file type signatures in daily.cvd will not enable the EGG archive\n    parser in versions affected by the vulnerability.\n\nUpdate to 0.102.3\n\n  * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing\n    module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS)\n    condition. Improper bounds checking of an unsigned variable results\n    in an out-of-bounds read which causes a crash.\n  * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in\n    ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)\n    condition. Improper size checking of a buffer used to initialize AES\n    decryption routines results in an out-of-bounds read which may cause\n    a crash.\n  * Fix \u0027Attempt to allocate 0 bytes\u0027 error when parsing some PDF\n    documents.\n  * Fix a couple of minor memory leaks.\n  * Updated libclamunrar to UnRAR 5.9.2.\n\nUpdate to 0.102.2:\n\n  * CVE-2020-3123: A denial-of-service (DoS) condition may occur when\n    using the optional credit card data-loss-prevention (DLP) feature.\n    Improper bounds checking of an unsigned variable resulted in an\n    out-of-bounds read, which causes a crash.\n  * Significantly improved the scan speed of PDF files on Windows.\n  * Re-applied a fix to alleviate file access issues when scanning RAR\n    files in downstream projects that use libclamav where the scanning\n    engine is operating in a low-privilege process. This bug was originally\n    fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.\n  * Fixed an issue where freshclam failed to update if the database version\n    downloaded is one version older than advertised. This situation may\n    occur after a new database version is published. The issue affected\n    users downloading the whole CVD database file.\n  * Changed the default freshclam ReceiveTimeout setting to 0 (infinite).\n    The ReceiveTimeout had caused needless database update failures for\n    users with slower internet connections.\n  * Correctly display the number of kilobytes (KiB) in progress bar and\n    reduced the size of the progress bar to accommodate 80-character width\n    terminals.\n  * Fixed an issue where running freshclam manually causes a daemonized\n    freshclam process to fail when it updates because the manual instance\n    deletes the temporary download directory. The freshclam temporary files\n    will now download to a unique directory created at the time of an update\n    instead of using a hardcoded directory created/destroyed at the program\n    start/exit.\n  * Fix for freshclam\u0027s OnOutdatedExecute config option.\n  * Fixes a memory leak in the error condition handling for the email\n    parser.\n  * Improved bound checking and error handling in ARJ archive parser.\n  * Improved error handling in PDF parser.\n  * Fix for memory leak in byte-compare signature handler.\n\n- The freshclam.service should not be started before the network is\n  online (it checks for updates immediately upon service start)\n\nUpdate to 0.102.1:\n\n  * CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS)\n    vulnerability may occur when scanning a specially crafted email\n    file as a result of excessively long scan times. The issue is\n    resolved by implementing several maximums in parsing MIME\n    messages and by optimizing use of memory allocation.\n  * Build system fixes to build clamav-milter, to correctly link\n    with libxml2 when detected, and to correctly detect fanotify\n    for on-access scanning feature support.\n  * Signature load time is significantly reduced by changing to a\n    more efficient algorithm for loading signature patterns and\n    allocating the AC trie. Patch courtesy of Alberto Wu.\n  * Introduced a new configure option to statically link libjson-c\n    with libclamav. Static linking with libjson is highly\n    recommended to prevent crashes in applications that use\n    libclamav alongside another JSON parsing library.\n  * Null-dereference fix in email parser when using the\n    --gen-json metadata option.\n  * Fixes for Authenticode parsing and certificate signature\n    (.crb database) bugs.\n\nUpdate to 0.102.0:\n\n  * The On-Access Scanning feature has been migrated out of clamd\n    and into a brand new utility named clamonacc. This utility is\n    similar to clamdscan and clamav-milter in that it acts as a\n    client to clamd. This separation from clamd means that clamd no\n    longer needs to run with root privileges while scanning potentially\n    malicious files. Instead, clamd may drop privileges to run under an\n    account that does not have super-user. In addition to improving the\n    security posture of running clamd with On-Access enabled, this\n    update fixed a few outstanding defects:\n    - On-Access scanning for created and moved files (Extra-Scanning)\n      is fixed.\n    - VirusEvent for On-Access scans is fixed.\n    - With clamonacc, it is now possible to copy, move, or remove a\n      file if the scan triggered an alert, just like with clamdscan.\n  * The freshclam database update utility has undergone a significant\n    update. This includes:\n    - Added support for HTTPS.\n    - Support for database mirrors hosted on ports other than 80.\n    - Removal of the mirror management feature (mirrors.dat).\n    - An all new libfreshclam library API.\n- created new subpackage libfreshclam2\n\nUpdate to 0.101.4:\n\n  * CVE-2019-12900: An out of bounds write in the NSIS bzip2\n    (bsc#1149458)\n  * CVE-2019-12625: Introduce a configurable time limit to mitigate\n    zip bomb vulnerability completely. Default is 2 minutes,\n    configurable useing the clamscan --max-scantime and for clamd\n    using the MaxScanTime config option (bsc#1144504)\n\nUpdate to version 0.101.3:\n\n  * bsc#1144504: ZIP bomb causes extreme CPU spikes\n\nUpdate to version 0.101.2 (bsc#1130721)\n\n  * CVE-2019-1787:\n    An out-of-bounds heap read condition may occur when scanning PDF\n    documents. The defect is a failure to correctly keep track of the number\n    of bytes remaining in a buffer when indexing file data.\n  * CVE-2019-1789:\n    An out-of-bounds heap read condition may occur when scanning PE files\n    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a\n    result of inadequate bound-checking.\n  * CVE-2019-1788:\n    An out-of-bounds heap write condition may occur when scanning OLE2 files\n    such as Microsoft Office 97-2003 documents. The invalid write happens when\n    an invalid pointer is mistakenly used to initialize a 32bit integer to\n    zero. This is likely to crash the application.\n  * CVE-2019-1786:\n    An out-of-bounds heap read condition may occur when scanning malformed\n    PDF documents as a result of improper bounds-checking.\n  * CVE-2019-1785:\n    A path-traversal write condition may occur as a result of improper\n    input validation when scanning RAR archives.\n  * CVE-2019-1798:\n    A use-after-free condition may occur as a result of improper error\n    handling when scanning nested RAR archives.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3790,SUSE-SLE-Module-Basesystem-15-SP1-2020-3790,SUSE-SLE-Module-Basesystem-15-SP2-2020-3790",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3790-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3790-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203790-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3790-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008064.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104457",
        "url": "https://bugzilla.suse.com/1104457"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118459",
        "url": "https://bugzilla.suse.com/1118459"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130721",
        "url": "https://bugzilla.suse.com/1130721"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1144504",
        "url": "https://bugzilla.suse.com/1144504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149458",
        "url": "https://bugzilla.suse.com/1149458"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157763",
        "url": "https://bugzilla.suse.com/1157763"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12625 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12625/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12900 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15961 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15961/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1785 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1785/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1786 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1786/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1787 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1787/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1788 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1788/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1789 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1789/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1798 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1798/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3123 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3123/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3327 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3327/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3341 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3341/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3350 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3350/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3481 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3481/"
      }
    ],
    "title": "Security update for clamav",
    "tracking": {
      "current_release_date": "2020-12-14T14:01:32Z",
      "generator": {
        "date": "2020-12-14T14:01:32Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3790-1",
      "initial_release_date": "2020-12-14T14:01:32Z",
      "revision_history": [
        {
          "date": "2020-12-14T14:01:32Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.23.1.aarch64",
                "product": {
                  "name": "clamav-0.103.0-3.23.1.aarch64",
                  "product_id": "clamav-0.103.0-3.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "clamav-devel-0.103.0-3.23.1.aarch64",
                "product": {
                  "name": "clamav-devel-0.103.0-3.23.1.aarch64",
                  "product_id": "clamav-devel-0.103.0-3.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libclamav9-0.103.0-3.23.1.aarch64",
                "product": {
                  "name": "libclamav9-0.103.0-3.23.1.aarch64",
                  "product_id": "libclamav9-0.103.0-3.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libfreshclam2-0.103.0-3.23.1.aarch64",
                "product": {
                  "name": "libfreshclam2-0.103.0-3.23.1.aarch64",
                  "product_id": "libfreshclam2-0.103.0-3.23.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.23.1.i586",
                "product": {
                  "name": "clamav-0.103.0-3.23.1.i586",
                  "product_id": "clamav-0.103.0-3.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "clamav-devel-0.103.0-3.23.1.i586",
                "product": {
                  "name": "clamav-devel-0.103.0-3.23.1.i586",
                  "product_id": "clamav-devel-0.103.0-3.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libclamav9-0.103.0-3.23.1.i586",
                "product": {
                  "name": "libclamav9-0.103.0-3.23.1.i586",
                  "product_id": "libclamav9-0.103.0-3.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libfreshclam2-0.103.0-3.23.1.i586",
                "product": {
                  "name": "libfreshclam2-0.103.0-3.23.1.i586",
                  "product_id": "libfreshclam2-0.103.0-3.23.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.23.1.ppc64le",
                "product": {
                  "name": "clamav-0.103.0-3.23.1.ppc64le",
                  "product_id": "clamav-0.103.0-3.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "clamav-devel-0.103.0-3.23.1.ppc64le",
                "product": {
                  "name": "clamav-devel-0.103.0-3.23.1.ppc64le",
                  "product_id": "clamav-devel-0.103.0-3.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libclamav9-0.103.0-3.23.1.ppc64le",
                "product": {
                  "name": "libclamav9-0.103.0-3.23.1.ppc64le",
                  "product_id": "libclamav9-0.103.0-3.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libfreshclam2-0.103.0-3.23.1.ppc64le",
                "product": {
                  "name": "libfreshclam2-0.103.0-3.23.1.ppc64le",
                  "product_id": "libfreshclam2-0.103.0-3.23.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.23.1.s390x",
                "product": {
                  "name": "clamav-0.103.0-3.23.1.s390x",
                  "product_id": "clamav-0.103.0-3.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "clamav-devel-0.103.0-3.23.1.s390x",
                "product": {
                  "name": "clamav-devel-0.103.0-3.23.1.s390x",
                  "product_id": "clamav-devel-0.103.0-3.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libclamav9-0.103.0-3.23.1.s390x",
                "product": {
                  "name": "libclamav9-0.103.0-3.23.1.s390x",
                  "product_id": "libclamav9-0.103.0-3.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libfreshclam2-0.103.0-3.23.1.s390x",
                "product": {
                  "name": "libfreshclam2-0.103.0-3.23.1.s390x",
                  "product_id": "libfreshclam2-0.103.0-3.23.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-3.23.1.x86_64",
                "product": {
                  "name": "clamav-0.103.0-3.23.1.x86_64",
                  "product_id": "clamav-0.103.0-3.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "clamav-devel-0.103.0-3.23.1.x86_64",
                "product": {
                  "name": "clamav-devel-0.103.0-3.23.1.x86_64",
                  "product_id": "clamav-devel-0.103.0-3.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libclamav9-0.103.0-3.23.1.x86_64",
                "product": {
                  "name": "libclamav9-0.103.0-3.23.1.x86_64",
                  "product_id": "libclamav9-0.103.0-3.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libfreshclam2-0.103.0-3.23.1.x86_64",
                "product": {
                  "name": "libfreshclam2-0.103.0-3.23.1.x86_64",
                  "product_id": "libfreshclam2-0.103.0-3.23.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "clamav-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x"
        },
        "product_reference": "clamav-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "clamav-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x"
        },
        "product_reference": "clamav-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-devel-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "clamav-devel-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libclamav9-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "libclamav9-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libfreshclam2-0.103.0-3.23.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        },
        "product_reference": "libfreshclam2-0.103.0-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12625",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12625"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12625",
          "url": "https://www.suse.com/security/cve/CVE-2019-12625"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1144504 for CVE-2019-12625",
          "url": "https://bugzilla.suse.com/1144504"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12625"
    },
    {
      "cve": "CVE-2019-12900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12900",
          "url": "https://www.suse.com/security/cve/CVE-2019-12900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1139083 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1139083"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141513 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1141513"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149458 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1149458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12900"
    },
    {
      "cve": "CVE-2019-15961",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15961"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15961",
          "url": "https://www.suse.com/security/cve/CVE-2019-15961"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157763 for CVE-2019-15961",
          "url": "https://bugzilla.suse.com/1157763"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180082 for CVE-2019-15961",
          "url": "https://bugzilla.suse.com/1180082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-15961"
    },
    {
      "cve": "CVE-2019-1785",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1785"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1785",
          "url": "https://www.suse.com/security/cve/CVE-2019-1785"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130721 for CVE-2019-1785",
          "url": "https://bugzilla.suse.com/1130721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137508 for CVE-2019-1785",
          "url": "https://bugzilla.suse.com/1137508"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-1785"
    },
    {
      "cve": "CVE-2019-1786",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1786"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1786",
          "url": "https://www.suse.com/security/cve/CVE-2019-1786"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130721 for CVE-2019-1786",
          "url": "https://bugzilla.suse.com/1130721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137510 for CVE-2019-1786",
          "url": "https://bugzilla.suse.com/1137510"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-1786"
    },
    {
      "cve": "CVE-2019-1787",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1787"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1787",
          "url": "https://www.suse.com/security/cve/CVE-2019-1787"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130721 for CVE-2019-1787",
          "url": "https://bugzilla.suse.com/1130721"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-1787"
    },
    {
      "cve": "CVE-2019-1788",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1788"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Object Linking \u0026 Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1788",
          "url": "https://www.suse.com/security/cve/CVE-2019-1788"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130721 for CVE-2019-1788",
          "url": "https://bugzilla.suse.com/1130721"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-1788"
    },
    {
      "cve": "CVE-2019-1789",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1789"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1789",
          "url": "https://www.suse.com/security/cve/CVE-2019-1789"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130721 for CVE-2019-1789",
          "url": "https://bugzilla.suse.com/1130721"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-1789"
    },
    {
      "cve": "CVE-2019-1798",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1798"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1798",
          "url": "https://www.suse.com/security/cve/CVE-2019-1798"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130721 for CVE-2019-1798",
          "url": "https://bugzilla.suse.com/1130721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137513 for CVE-2019-1798",
          "url": "https://bugzilla.suse.com/1137513"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-1798"
    },
    {
      "cve": "CVE-2020-3123",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3123"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3123",
          "url": "https://www.suse.com/security/cve/CVE-2020-3123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1162921 for CVE-2020-3123",
          "url": "https://bugzilla.suse.com/1162921"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3123"
    },
    {
      "cve": "CVE-2020-3327",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3327"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3327",
          "url": "https://www.suse.com/security/cve/CVE-2020-3327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171980 for CVE-2020-3327",
          "url": "https://bugzilla.suse.com/1171980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3327",
          "url": "https://bugzilla.suse.com/1174250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3327"
    },
    {
      "cve": "CVE-2020-3341",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3341"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3341",
          "url": "https://www.suse.com/security/cve/CVE-2020-3341"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171981 for CVE-2020-3341",
          "url": "https://bugzilla.suse.com/1171981"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3341"
    },
    {
      "cve": "CVE-2020-3350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3350",
          "url": "https://www.suse.com/security/cve/CVE-2020-3350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3350",
          "url": "https://bugzilla.suse.com/1174250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174255 for CVE-2020-3350",
          "url": "https://bugzilla.suse.com/1174255"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-3350"
    },
    {
      "cve": "CVE-2020-3481",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3481"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3481",
          "url": "https://www.suse.com/security/cve/CVE-2020-3481"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3481",
          "url": "https://bugzilla.suse.com/1174250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreshclam2-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:clamav-devel-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libclamav9-0.103.0-3.23.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libfreshclam2-0.103.0-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-14T14:01:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3481"
    }
  ]
}

SUSE-SU-2020:3918-1

Vulnerability from csaf_suse - Published: 2020-12-22 13:18 - Updated: 2020-12-22 13:18

Summary

Security update for clamav

Severity

Important

Notes

Title of the patch: Security update for clamav

Description of the patch: This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html

Patchnames: HPE-Helion-OpenStack-8-2020-3918,SUSE-2020-3918,SUSE-OpenStack-Cloud-7-2020-3918,SUSE-OpenStack-Cloud-8-2020-3918,SUSE-OpenStack-Cloud-9-2020-3918,SUSE-OpenStack-Cloud-Crowbar-8-2020-3918,SUSE-OpenStack-Cloud-Crowbar-9-2020-3918,SUSE-SLE-SAP-12-SP2-2020-3918,SUSE-SLE-SAP-12-SP3-2020-3918,SUSE-SLE-SAP-12-SP4-2020-3918,SUSE-SLE-SERVER-12-SP2-2020-3918,SUSE-SLE-SERVER-12-SP2-BCL-2020-3918,SUSE-SLE-SERVER-12-SP3-2020-3918,SUSE-SLE-SERVER-12-SP3-BCL-2020-3918,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3918,SUSE-Storage-5-2020-3918

CVE-2019-12900

8.4 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-15961

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3123

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3341

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-3350

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-3481

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64	—	Vendor Fix

Threats

Impact important

References

38 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1118459	self
https://bugzilla.suse.com/1119353	self
https://bugzilla.suse.com/1144504	self
https://bugzilla.suse.com/1149458	self
https://bugzilla.suse.com/1157763	self
https://bugzilla.suse.com/1171981	self
https://bugzilla.suse.com/1174250	self
https://bugzilla.suse.com/1174255	self
https://www.suse.com/security/cve/CVE-2019-12900/	self
https://www.suse.com/security/cve/CVE-2019-15961/	self
https://www.suse.com/security/cve/CVE-2020-3123/	self
https://www.suse.com/security/cve/CVE-2020-3327/	self
https://www.suse.com/security/cve/CVE-2020-3341/	self
https://www.suse.com/security/cve/CVE-2020-3350/	self
https://www.suse.com/security/cve/CVE-2020-3481/	self
https://www.suse.com/security/cve/CVE-2019-12900	external
https://bugzilla.suse.com/1139083	external
https://bugzilla.suse.com/1141513	external
https://bugzilla.suse.com/1149458	external
https://www.suse.com/security/cve/CVE-2019-15961	external
https://bugzilla.suse.com/1157763	external
https://bugzilla.suse.com/1180082	external
https://www.suse.com/security/cve/CVE-2020-3123	external
https://bugzilla.suse.com/1162921	external
https://www.suse.com/security/cve/CVE-2020-3327	external
https://bugzilla.suse.com/1171980	external
https://bugzilla.suse.com/1174250	external
https://www.suse.com/security/cve/CVE-2020-3341	external
https://bugzilla.suse.com/1171981	external
https://www.suse.com/security/cve/CVE-2020-3350	external
https://bugzilla.suse.com/1174250	external
https://bugzilla.suse.com/1174255	external
https://www.suse.com/security/cve/CVE-2020-3481	external
https://bugzilla.suse.com/1174250	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for clamav",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for clamav fixes the following issues:\n\nclamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459.\n\n* clamd can now reload the signature database without blocking\n  scanning. This multi-threaded database reload improvement was made\n  possible thanks to a community effort.\n  - Non-blocking database reloads are now the default behavior. Some\n    systems that are more constrained on RAM may need to disable\n    non-blocking reloads as it will temporarily consume two times as\n    much memory. We added a new clamd config option\n    ConcurrentDatabaseReload, which may be set to no.\n* Fix clamav-milter.service (requires clamd.service to run)\n* bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.\n* Partial sync with SLE15.\n\nUpdate to version 0.102.4\n\nAccumulated security fixes:\n\n* CVE-2020-3350: Fix a vulnerability wherein a malicious user could\n  replace a scan target\u0027s directory with a symlink to another path\n  to trick clamscan, clamdscan, or clamonacc into removing or moving\n  a different file (eg. a critical system file). The issue would\n  affect users that use the --move or --remove options for clamscan,\n  clamdscan, and clamonacc. (bsc#1174255)\n* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing\n  module in ClamAV 0.102.3 that could cause a Denial-of-Service\n  (DoS) condition. Improper bounds checking results in an\n  out-of-bounds read which could cause a crash. The previous fix for\n  this CVE in 0.102.3 was incomplete. This fix correctly resolves\n  the issue.\n* CVE-2020-3481: Fix a vulnerability in the EGG archive module in\n  ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)\n  condition. Improper error handling may result in a crash due to a\n  NULL pointer dereference. This vulnerability is mitigated for\n  those using the official ClamAV signature databases because the\n  file type signatures in daily.cvd will not enable the EGG archive\n  parser in versions affected by the vulnerability. (bsc#1174250)\n* CVE-2020-3341: Fix a vulnerability in the PDF parsing module in\n  ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)\n  condition. Improper size checking of a buffer used to initialize AES\n  decryption routines results in an out-of-bounds read which may cause\n  a crash. (bsc#1171981)\n* CVE-2020-3123: A denial-of-service (DoS) condition may occur when\n  using the optional credit card data-loss-prevention (DLP) feature.\n  Improper bounds checking of an unsigned variable resulted in an\n  out-of-bounds read, which causes a crash.\n* CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may\n  occur when scanning a specially crafted email file as a result\n  of excessively long scan times. The issue is resolved by\n  implementing several maximums in parsing MIME messages and by\n  optimizing use of memory allocation. (bsc#1157763).\n* CVE-2019-12900: An out of bounds write in the NSIS bzip2\n  (bsc#1149458)\n* CVE-2019-12625: Introduce a configurable time limit to mitigate\n  zip bomb vulnerability completely. Default is 2 minutes,\n  configurable useing the clamscan --max-scantime and for clamd\n  using the MaxScanTime config option (bsc#1144504)\n\nUpdate to version 0.101.3:\n\n* ZIP bomb causes extreme CPU spikes (bsc#1144504)\n\nUpdate to version 0.101.2 (bsc#1118459):\n\n* Support for RAR v5 archive extraction.\n* Incompatible changes to the arguments of cl_scandesc,\n  cl_scandesc_callback, and cl_scanmap_callback.\n* Scanning options have been converted from a single flag\n  bit-field into a structure of multiple categorized flag\n  bit-fields.\n* The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by\n  2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and\n  CL_SCAN_HEURISTIC_ENCRYPTED_DOC\n* Incompatible clamd.conf and command line interface changes.\n* Heuristic Alerts\u0027 (aka \u0027Algorithmic Detection\u0027) options have\n  been changed to make the names more consistent. The original\n  options are deprecated in 0.101, and will be removed in a\n  future feature release.\n* For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "HPE-Helion-OpenStack-8-2020-3918,SUSE-2020-3918,SUSE-OpenStack-Cloud-7-2020-3918,SUSE-OpenStack-Cloud-8-2020-3918,SUSE-OpenStack-Cloud-9-2020-3918,SUSE-OpenStack-Cloud-Crowbar-8-2020-3918,SUSE-OpenStack-Cloud-Crowbar-9-2020-3918,SUSE-SLE-SAP-12-SP2-2020-3918,SUSE-SLE-SAP-12-SP3-2020-3918,SUSE-SLE-SAP-12-SP4-2020-3918,SUSE-SLE-SERVER-12-SP2-2020-3918,SUSE-SLE-SERVER-12-SP2-BCL-2020-3918,SUSE-SLE-SERVER-12-SP3-2020-3918,SUSE-SLE-SERVER-12-SP3-BCL-2020-3918,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3918,SUSE-Storage-5-2020-3918",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3918-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3918-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203918-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3918-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008110.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118459",
        "url": "https://bugzilla.suse.com/1118459"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119353",
        "url": "https://bugzilla.suse.com/1119353"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1144504",
        "url": "https://bugzilla.suse.com/1144504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149458",
        "url": "https://bugzilla.suse.com/1149458"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157763",
        "url": "https://bugzilla.suse.com/1157763"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171981",
        "url": "https://bugzilla.suse.com/1171981"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174250",
        "url": "https://bugzilla.suse.com/1174250"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174255",
        "url": "https://bugzilla.suse.com/1174255"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12900 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15961 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15961/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3123 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3123/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3327 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3327/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3341 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3341/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3350 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3350/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-3481 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-3481/"
      }
    ],
    "title": "Security update for clamav",
    "tracking": {
      "current_release_date": "2020-12-22T13:18:28Z",
      "generator": {
        "date": "2020-12-22T13:18:28Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3918-1",
      "initial_release_date": "2020-12-22T13:18:28Z",
      "revision_history": [
        {
          "date": "2020-12-22T13:18:28Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-33.32.1.aarch64",
                "product": {
                  "name": "clamav-0.103.0-33.32.1.aarch64",
                  "product_id": "clamav-0.103.0-33.32.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-33.32.1.i586",
                "product": {
                  "name": "clamav-0.103.0-33.32.1.i586",
                  "product_id": "clamav-0.103.0-33.32.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-33.32.1.ppc64le",
                "product": {
                  "name": "clamav-0.103.0-33.32.1.ppc64le",
                  "product_id": "clamav-0.103.0-33.32.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-33.32.1.s390",
                "product": {
                  "name": "clamav-0.103.0-33.32.1.s390",
                  "product_id": "clamav-0.103.0-33.32.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-33.32.1.s390x",
                "product": {
                  "name": "clamav-0.103.0-33.32.1.s390x",
                  "product_id": "clamav-0.103.0-33.32.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.0-33.32.1.x86_64",
                "product": {
                  "name": "clamav-0.103.0-33.32.1.x86_64",
                  "product_id": "clamav-0.103.0-33.32.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HPE Helion OpenStack 8",
                "product": {
                  "name": "HPE Helion OpenStack 8",
                  "product_id": "HPE Helion OpenStack 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:hpe-helion-openstack:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 8",
                "product": {
                  "name": "SUSE OpenStack Cloud 8",
                  "product_id": "SUSE OpenStack Cloud 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 9",
                "product": {
                  "name": "SUSE OpenStack Cloud 9",
                  "product_id": "SUSE OpenStack Cloud 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 8",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 8",
                  "product_id": "SUSE OpenStack Cloud Crowbar 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 9",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 9",
                  "product_id": "SUSE OpenStack Cloud Crowbar 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 5",
                "product": {
                  "name": "SUSE Enterprise Storage 5",
                  "product_id": "SUSE Enterprise Storage 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.s390x as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x"
        },
        "product_reference": "clamav-0.103.0-33.32.1.s390x",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-33.32.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-33.32.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-33.32.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-33.32.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x"
        },
        "product_reference": "clamav-0.103.0-33.32.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-33.32.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x"
        },
        "product_reference": "clamav-0.103.0-33.32.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le"
        },
        "product_reference": "clamav-0.103.0-33.32.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x"
        },
        "product_reference": "clamav-0.103.0-33.32.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.aarch64 as component of SUSE Enterprise Storage 5",
          "product_id": "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.0-33.32.1.x86_64 as component of SUSE Enterprise Storage 5",
          "product_id": "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64"
        },
        "product_reference": "clamav-0.103.0-33.32.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12900",
          "url": "https://www.suse.com/security/cve/CVE-2019-12900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1139083 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1139083"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141513 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1141513"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149458 for CVE-2019-12900",
          "url": "https://bugzilla.suse.com/1149458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-22T13:18:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12900"
    },
    {
      "cve": "CVE-2019-15961",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15961"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15961",
          "url": "https://www.suse.com/security/cve/CVE-2019-15961"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157763 for CVE-2019-15961",
          "url": "https://bugzilla.suse.com/1157763"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180082 for CVE-2019-15961",
          "url": "https://bugzilla.suse.com/1180082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-22T13:18:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-15961"
    },
    {
      "cve": "CVE-2020-3123",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3123"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3123",
          "url": "https://www.suse.com/security/cve/CVE-2020-3123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1162921 for CVE-2020-3123",
          "url": "https://bugzilla.suse.com/1162921"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-22T13:18:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3123"
    },
    {
      "cve": "CVE-2020-3327",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3327"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3327",
          "url": "https://www.suse.com/security/cve/CVE-2020-3327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171980 for CVE-2020-3327",
          "url": "https://bugzilla.suse.com/1171980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3327",
          "url": "https://bugzilla.suse.com/1174250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-22T13:18:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3327"
    },
    {
      "cve": "CVE-2020-3341",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3341"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3341",
          "url": "https://www.suse.com/security/cve/CVE-2020-3341"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171981 for CVE-2020-3341",
          "url": "https://bugzilla.suse.com/1171981"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-22T13:18:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3341"
    },
    {
      "cve": "CVE-2020-3350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3350",
          "url": "https://www.suse.com/security/cve/CVE-2020-3350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3350",
          "url": "https://bugzilla.suse.com/1174250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174255 for CVE-2020-3350",
          "url": "https://bugzilla.suse.com/1174255"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-22T13:18:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-3350"
    },
    {
      "cve": "CVE-2020-3481",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-3481"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
          "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-3481",
          "url": "https://www.suse.com/security/cve/CVE-2020-3481"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174250 for CVE-2020-3481",
          "url": "https://bugzilla.suse.com/1174250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Enterprise Storage 5:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.0-33.32.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.s390x",
            "SUSE OpenStack Cloud 7:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud 9:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:clamav-0.103.0-33.32.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:clamav-0.103.0-33.32.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-22T13:18:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-3481"
    }
  ]
}

WID-SEC-W-2023-1614

Vulnerability from csaf_certbund - Published: 2023-06-29 22:00 - Updated: 2023-10-25 22:00

Summary

Tenable Security Nessus Network Monitor: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.

Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.

Betroffene Betriebssysteme: - Sonstiges

CVE-2023-32067

In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.

CVE-2023-31147

CVE-2023-31130

CVE-2023-31124

CVE-2023-29469

CVE-2023-28484

CVE-2023-28322

CVE-2023-28321

CVE-2023-28320

CVE-2023-27538

CVE-2023-27536

CVE-2023-27535

CVE-2023-27534

CVE-2023-27533

CVE-2023-2650

CVE-2023-23916

CVE-2023-23915

CVE-2023-23914

CVE-2023-1255

CVE-2023-0466

CVE-2023-0465

CVE-2022-4904

CVE-2022-46908

CVE-2022-43552

CVE-2022-43551

CVE-2022-42916

CVE-2022-42915

CVE-2022-40304

CVE-2022-40303

CVE-2022-35737

CVE-2022-35252

CVE-2022-32221

CVE-2022-32208

CVE-2022-32207

CVE-2022-32206

CVE-2022-32205

CVE-2022-31160

CVE-2022-29824

CVE-2022-27782

CVE-2022-27781

CVE-2022-27776

CVE-2022-27775

CVE-2022-27774

CVE-2022-23395

CVE-2022-23308

CVE-2022-22576

CVE-2021-45346

CVE-2021-3672

CVE-2021-36690

CVE-2021-3541

CVE-2021-3537

CVE-2021-3518

CVE-2021-3517

CVE-2021-31239

CVE-2021-30560

CVE-2021-20227

CVE-2020-9327

CVE-2020-7595

CVE-2020-35527

CVE-2020-35525

CVE-2020-24977

CVE-2020-15358

CVE-2020-14155

CVE-2020-13871

CVE-2020-13632

CVE-2020-13631

CVE-2020-13630

CVE-2020-13435

CVE-2020-13434

CVE-2020-11656

CVE-2020-11655

CVE-2019-9937

CVE-2019-9936

CVE-2019-8457

CVE-2019-5815

CVE-2019-20838

CVE-2019-20388

CVE-2019-20218

CVE-2019-19959

CVE-2019-19956

CVE-2019-19926

CVE-2019-19925

CVE-2019-19924

CVE-2019-19923

CVE-2019-19880

CVE-2019-19646

CVE-2019-19645

CVE-2019-19603

CVE-2019-19317

CVE-2019-19244

CVE-2019-19242

CVE-2019-16168

CVE-2019-13118

CVE-2019-13117

CVE-2019-12900

CVE-2019-11068

CVE-2018-9251

CVE-2018-14567

CVE-2018-14404

CVE-2017-9050

CVE-2017-9049

CVE-2017-9048

CVE-2017-9047

CVE-2017-8872

CVE-2017-7376

CVE-2017-7375

CVE-2017-5969

CVE-2017-5130

CVE-2017-5029

CVE-2017-18258

CVE-2017-16932

CVE-2017-16931

CVE-2017-15412

CVE-2017-1000381

CVE-2017-1000061

CVE-2016-9598

CVE-2016-9597

CVE-2016-9596

CVE-2016-5180

CVE-2016-5131

CVE-2016-4658

CVE-2016-4609

CVE-2016-4607

CVE-2016-4483

CVE-2016-4449

CVE-2016-4448

CVE-2016-4447

CVE-2016-3709

CVE-2016-3705

CVE-2016-3627

CVE-2016-3189

CVE-2016-2073

CVE-2016-1840

CVE-2016-1839

CVE-2016-1838

CVE-2016-1837

CVE-2016-1836

CVE-2016-1834

CVE-2016-1833

CVE-2016-1762

CVE-2016-1684

CVE-2016-1683

CVE-2015-9019

CVE-2015-8806

CVE-2015-8710

CVE-2015-8317

CVE-2015-8242

CVE-2015-8241

CVE-2015-8035

CVE-2015-7995

CVE-2015-7942

CVE-2015-7941

CVE-2015-7500

CVE-2015-7499

CVE-2015-7498

CVE-2015-7497

CVE-2015-5312

CVE-2014-3660

CVE-2013-4520

CVE-2013-2877

CVE-2013-1969

CVE-2013-0339

CVE-2013-0338

CVE-2012-6139

CVE-2012-5134

CVE-2012-2871

CVE-2012-2870

CVE-2012-0841

CVE-2011-3970

CVE-2011-1944

CVE-2011-1202

CVE-2010-4494

CVE-2010-4008

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://de.tenable.com/security/tns-2023-34	external
https://de.tenable.com/security/tns-2023-23	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Tenable Nessus Network Monitor ist eine L\u00f6sung zur Inventarisierung und \u00dcberwachung von Netzwerkger\u00e4ten und den genutzten Protokollen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1614 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1614.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1614 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1614"
      },
      {
        "category": "external",
        "summary": "Tenable Security Advisory TNS-2023-34 vom 2023-10-25",
        "url": "https://de.tenable.com/security/tns-2023-34"
      },
      {
        "category": "external",
        "summary": "Tenable Security Advisory vom 2023-06-29",
        "url": "https://de.tenable.com/security/tns-2023-23"
      }
    ],
    "source_lang": "en-US",
    "title": "Tenable Security Nessus Network Monitor: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-10-25T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:53:59.941+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1614",
      "initial_release_date": "2023-06-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-07-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Produkt berichtigt"
        },
        {
          "date": "2023-10-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Tenable aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Tenable Security Nessus Network Monitor \u003c 6.2.2",
            "product": {
              "name": "Tenable Security Nessus Network Monitor \u003c 6.2.2",
              "product_id": "T028403",
              "product_identification_helper": {
                "cpe": "cpe:/a:tenable:nessus_network_monitor:6.2.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Tenable Security"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-32067",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-32067"
    },
    {
      "cve": "CVE-2023-31147",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-31147"
    },
    {
      "cve": "CVE-2023-31130",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-31130"
    },
    {
      "cve": "CVE-2023-31124",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-31124"
    },
    {
      "cve": "CVE-2023-29469",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-29469"
    },
    {
      "cve": "CVE-2023-28484",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-28484"
    },
    {
      "cve": "CVE-2023-28322",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-28322"
    },
    {
      "cve": "CVE-2023-28321",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-28321"
    },
    {
      "cve": "CVE-2023-28320",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-28320"
    },
    {
      "cve": "CVE-2023-27538",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-27536",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27535",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27534",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27533",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-2650",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-2650"
    },
    {
      "cve": "CVE-2023-23916",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-23915",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23914",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-1255",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-1255"
    },
    {
      "cve": "CVE-2023-0466",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-0466"
    },
    {
      "cve": "CVE-2023-0465",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-0465"
    },
    {
      "cve": "CVE-2022-4904",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-4904"
    },
    {
      "cve": "CVE-2022-46908",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-46908"
    },
    {
      "cve": "CVE-2022-43552",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-43551",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-42916",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-42915",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-40304",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-40303",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-40303"
    },
    {
      "cve": "CVE-2022-35737",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-35252",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-32221",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-32208",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32207",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32206",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32205",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-31160",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-31160"
    },
    {
      "cve": "CVE-2022-29824",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-29824"
    },
    {
      "cve": "CVE-2022-27782",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-27781",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27776",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27775",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27774",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-23395",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-23395"
    },
    {
      "cve": "CVE-2022-23308",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-23308"
    },
    {
      "cve": "CVE-2022-22576",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2021-45346",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-45346"
    },
    {
      "cve": "CVE-2021-3672",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-3672"
    },
    {
      "cve": "CVE-2021-36690",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-36690"
    },
    {
      "cve": "CVE-2021-3541",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-3541"
    },
    {
      "cve": "CVE-2021-3537",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-3537"
    },
    {
      "cve": "CVE-2021-3518",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-3518"
    },
    {
      "cve": "CVE-2021-3517",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-3517"
    },
    {
      "cve": "CVE-2021-31239",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-31239"
    },
    {
      "cve": "CVE-2021-30560",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-30560"
    },
    {
      "cve": "CVE-2021-20227",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2021-20227"
    },
    {
      "cve": "CVE-2020-9327",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-9327"
    },
    {
      "cve": "CVE-2020-7595",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-7595"
    },
    {
      "cve": "CVE-2020-35527",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-35527"
    },
    {
      "cve": "CVE-2020-35525",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-35525"
    },
    {
      "cve": "CVE-2020-24977",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-24977"
    },
    {
      "cve": "CVE-2020-15358",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-15358"
    },
    {
      "cve": "CVE-2020-14155",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-14155"
    },
    {
      "cve": "CVE-2020-13871",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-13871"
    },
    {
      "cve": "CVE-2020-13632",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-13632"
    },
    {
      "cve": "CVE-2020-13631",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-13631"
    },
    {
      "cve": "CVE-2020-13630",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-13630"
    },
    {
      "cve": "CVE-2020-13435",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-13435"
    },
    {
      "cve": "CVE-2020-13434",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-13434"
    },
    {
      "cve": "CVE-2020-11656",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-11656"
    },
    {
      "cve": "CVE-2020-11655",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2020-11655"
    },
    {
      "cve": "CVE-2019-9937",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-9937"
    },
    {
      "cve": "CVE-2019-9936",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-9936"
    },
    {
      "cve": "CVE-2019-8457",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-8457"
    },
    {
      "cve": "CVE-2019-5815",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-5815"
    },
    {
      "cve": "CVE-2019-20838",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-20838"
    },
    {
      "cve": "CVE-2019-20388",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-20388"
    },
    {
      "cve": "CVE-2019-20218",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-20218"
    },
    {
      "cve": "CVE-2019-19959",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19959"
    },
    {
      "cve": "CVE-2019-19956",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19956"
    },
    {
      "cve": "CVE-2019-19926",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19926"
    },
    {
      "cve": "CVE-2019-19925",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19925"
    },
    {
      "cve": "CVE-2019-19924",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19924"
    },
    {
      "cve": "CVE-2019-19923",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19923"
    },
    {
      "cve": "CVE-2019-19880",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19880"
    },
    {
      "cve": "CVE-2019-19646",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19646"
    },
    {
      "cve": "CVE-2019-19645",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19645"
    },
    {
      "cve": "CVE-2019-19603",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19603"
    },
    {
      "cve": "CVE-2019-19317",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19317"
    },
    {
      "cve": "CVE-2019-19244",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19244"
    },
    {
      "cve": "CVE-2019-19242",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-19242"
    },
    {
      "cve": "CVE-2019-16168",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-16168"
    },
    {
      "cve": "CVE-2019-13118",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-13118"
    },
    {
      "cve": "CVE-2019-13117",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-13117"
    },
    {
      "cve": "CVE-2019-12900",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-12900"
    },
    {
      "cve": "CVE-2019-11068",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2019-11068"
    },
    {
      "cve": "CVE-2018-9251",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2018-9251"
    },
    {
      "cve": "CVE-2018-14567",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2018-14567"
    },
    {
      "cve": "CVE-2018-14404",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2018-14404"
    },
    {
      "cve": "CVE-2017-9050",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-9050"
    },
    {
      "cve": "CVE-2017-9049",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-9049"
    },
    {
      "cve": "CVE-2017-9048",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-9048"
    },
    {
      "cve": "CVE-2017-9047",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-9047"
    },
    {
      "cve": "CVE-2017-8872",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-8872"
    },
    {
      "cve": "CVE-2017-7376",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-7376"
    },
    {
      "cve": "CVE-2017-7375",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-7375"
    },
    {
      "cve": "CVE-2017-5969",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-5969"
    },
    {
      "cve": "CVE-2017-5130",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-5130"
    },
    {
      "cve": "CVE-2017-5029",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-5029"
    },
    {
      "cve": "CVE-2017-18258",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-18258"
    },
    {
      "cve": "CVE-2017-16932",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-16932"
    },
    {
      "cve": "CVE-2017-16931",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-16931"
    },
    {
      "cve": "CVE-2017-15412",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-15412"
    },
    {
      "cve": "CVE-2017-1000381",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-1000381"
    },
    {
      "cve": "CVE-2017-1000061",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2017-1000061"
    },
    {
      "cve": "CVE-2016-9598",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-9598"
    },
    {
      "cve": "CVE-2016-9597",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-9597"
    },
    {
      "cve": "CVE-2016-9596",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-9596"
    },
    {
      "cve": "CVE-2016-5180",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-5180"
    },
    {
      "cve": "CVE-2016-5131",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-5131"
    },
    {
      "cve": "CVE-2016-4658",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-4658"
    },
    {
      "cve": "CVE-2016-4609",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-4609"
    },
    {
      "cve": "CVE-2016-4607",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-4607"
    },
    {
      "cve": "CVE-2016-4483",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-4483"
    },
    {
      "cve": "CVE-2016-4449",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-4449"
    },
    {
      "cve": "CVE-2016-4448",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-4448"
    },
    {
      "cve": "CVE-2016-4447",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-4447"
    },
    {
      "cve": "CVE-2016-3709",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-3709"
    },
    {
      "cve": "CVE-2016-3705",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-3705"
    },
    {
      "cve": "CVE-2016-3627",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-3627"
    },
    {
      "cve": "CVE-2016-3189",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-3189"
    },
    {
      "cve": "CVE-2016-2073",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-2073"
    },
    {
      "cve": "CVE-2016-1840",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1840"
    },
    {
      "cve": "CVE-2016-1839",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1839"
    },
    {
      "cve": "CVE-2016-1838",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1838"
    },
    {
      "cve": "CVE-2016-1837",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1837"
    },
    {
      "cve": "CVE-2016-1836",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1836"
    },
    {
      "cve": "CVE-2016-1834",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1834"
    },
    {
      "cve": "CVE-2016-1833",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1833"
    },
    {
      "cve": "CVE-2016-1762",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1762"
    },
    {
      "cve": "CVE-2016-1684",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1684"
    },
    {
      "cve": "CVE-2016-1683",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2016-1683"
    },
    {
      "cve": "CVE-2015-9019",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-9019"
    },
    {
      "cve": "CVE-2015-8806",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-8806"
    },
    {
      "cve": "CVE-2015-8710",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-8710"
    },
    {
      "cve": "CVE-2015-8317",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-8317"
    },
    {
      "cve": "CVE-2015-8242",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-8242"
    },
    {
      "cve": "CVE-2015-8241",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-8241"
    },
    {
      "cve": "CVE-2015-8035",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-8035"
    },
    {
      "cve": "CVE-2015-7995",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-7995"
    },
    {
      "cve": "CVE-2015-7942",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-7942"
    },
    {
      "cve": "CVE-2015-7941",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-7941"
    },
    {
      "cve": "CVE-2015-7500",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-7500"
    },
    {
      "cve": "CVE-2015-7499",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-7499"
    },
    {
      "cve": "CVE-2015-7498",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-7498"
    },
    {
      "cve": "CVE-2015-7497",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-7497"
    },
    {
      "cve": "CVE-2015-5312",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2015-5312"
    },
    {
      "cve": "CVE-2014-3660",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2014-3660"
    },
    {
      "cve": "CVE-2013-4520",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2013-4520"
    },
    {
      "cve": "CVE-2013-2877",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2013-2877"
    },
    {
      "cve": "CVE-2013-1969",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2013-1969"
    },
    {
      "cve": "CVE-2013-0339",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2013-0339"
    },
    {
      "cve": "CVE-2013-0338",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2013-0338"
    },
    {
      "cve": "CVE-2012-6139",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2012-6139"
    },
    {
      "cve": "CVE-2012-5134",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2012-5134"
    },
    {
      "cve": "CVE-2012-2871",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2012-2871"
    },
    {
      "cve": "CVE-2012-2870",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2012-2870"
    },
    {
      "cve": "CVE-2012-0841",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2012-0841"
    },
    {
      "cve": "CVE-2011-3970",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2011-3970"
    },
    {
      "cve": "CVE-2011-1944",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2011-1944"
    },
    {
      "cve": "CVE-2011-1202",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2011-1202"
    },
    {
      "cve": "CVE-2010-4494",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2010-4494"
    },
    {
      "cve": "CVE-2010-4008",
      "notes": [
        {
          "category": "description",
          "text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2010-4008"
    }
  ]
}

WID-SEC-W-2023-3141

Vulnerability from csaf_certbund - Published: 2019-06-23 22:00 - Updated: 2025-05-14 22:00

Summary

bzip2: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes

Severity

Hoch

Notes

Produktbeschreibung: bzip2 ist ein frei verfügbares Komprimierungsprogramm zur verlustfreien Kompression von Dateien.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in bzip2 ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2019-12900

Affected products

Known affected 15 products

Product	Identifier	Version
IBM License Metric Tool <9.2.34 IBM / License Metric Tool		<9.2.34
Red Hat Enterprise Linux Service Interconnect 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:service_interconnect_1`	Service Interconnect 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
FreeBSD Project FreeBSD OS FreeBSD Project	`cpe:/o:freebsd:freebsd:-`	—
Red Hat OpenShift Container Platform <4.14.46 Red Hat / OpenShift		Container Platform <4.14.46
IBM QRadar SIEM <7.5.0 UP11 IF03 IBM / QRadar SIEM		<7.5.0 UP11 IF03
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM QRadar SIEM <7.5.0 UP12 IBM / QRadar SIEM		<7.5.0 UP12
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Broadcom Brocade SANnav Broadcom	`cpe:/a:broadcom:brocade_sannav:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Open Source bzip2 Open Source / bzip2	`cpe:/a:bzip:bzip2:-`	—
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
Red Hat OpenShift Container Platform <4.15.45 Red Hat / OpenShift		Container Platform <4.15.45

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source bzip2 <=1.0.6 Open Source / bzip2		<=1.0.6

References

33 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://web.nvd.nist.gov/view/vuln/detail?vulnId=…	external
https://usn.ubuntu.com/4038-2/	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://pivotal.io/security/usn-4038-3	external
https://www.dell.com/support/security/de-de/detai…	external
https://support.f5.com/csp/article/K68713584?utm_…	external
https://alas.aws.amazon.com/AL2/ALAS-2021-1652.html	external
https://www.ibm.com/support/pages/node/7096372	external
https://access.redhat.com/errata/RHSA-2024:8922	external
https://linux.oracle.com/errata/ELSA-2024-8922.html	external
https://access.redhat.com/errata/RHSA-2024:10803	external
https://access.redhat.com/errata/RHSA-2025:0733	external
https://linux.oracle.com/errata/ELSA-2025-0733.html	external
https://access.redhat.com/errata/RHSA-2025:0925	external
https://linux.oracle.com/errata/ELSA-2025-0925.html	external
https://access.redhat.com/errata/RHSA-2025:0839	external
https://access.redhat.com/errata/RHSA-2025:0840	external
https://access.redhat.com/errata/RHSA-2025:1154	external
https://access.redhat.com/errata/RHSA-2025:1128	external
https://support.broadcom.com/web/ecx/support-cont…	external
https://www.ibm.com/support/pages/node/7183571	external
https://access.redhat.com/errata/RHSA-2025:1925	external
https://www.ibm.com/support/pages/node/7185353	external
https://access.redhat.com/errata/RHSA-2025:4005	external
https://www.ibm.com/support/pages/node/7233394	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "bzip2 ist ein frei verf\u00fcgbares Komprimierungsprogramm zur verlustfreien Kompression von Dateien.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in bzip2 ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3141 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-3141.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3141 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3141"
      },
      {
        "category": "external",
        "summary": "NATIONAL VULNERABILITY DATABASE vom 2019-06-23",
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12900"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4038-2 vom 2019-06-26",
        "url": "https://usn.ubuntu.com/4038-2/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1846-1 vom 2019-07-15",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191846-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14122-1 vom 2019-07-15",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914122-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1955-1 vom 2019-07-23",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191955-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2004-1 vom 2019-07-29",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192004-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2013-1 vom 2019-07-30",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192013-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14139-1 vom 2019-08-07",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914139-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2013-2 vom 2019-08-17",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192013-2.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4038-3 vom 2019-09-07",
        "url": "https://pivotal.io/security/usn-4038-3"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory DSA-2019-149 vom 2019-10-18",
        "url": "https://www.dell.com/support/security/de-de/details/DOC-108411/DSA-2019-149-RSA-Authentication-Manager-Security-Update-for-Third-Party-Component-Vulnerabilitie"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K68713584 vom 2019-11-13",
        "url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026utm_medium=RSS"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1652 vom 2021-06-23",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1652.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7096372 vom 2023-12-13",
        "url": "https://www.ibm.com/support/pages/node/7096372"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8922 vom 2024-11-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:8922"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8922 vom 2024-11-06",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8922.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10803 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10803"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0733 vom 2025-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:0733"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0733 vom 2025-01-30",
        "url": "https://linux.oracle.com/errata/ELSA-2025-0733.html"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2025:0925"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0925 vom 2025-02-04",
        "url": "https://linux.oracle.com/errata/ELSA-2025-0925.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0839 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:0839"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0840 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:0840"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1154 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:1154"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1128 vom 2025-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:1128"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2025-2889 vom 2025-02-13",
        "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25416"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183571 vom 2025-02-18",
        "url": "https://www.ibm.com/support/pages/node/7183571"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1925 vom 2025-02-27",
        "url": "https://access.redhat.com/errata/RHSA-2025:1925"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7185353 vom 2025-03-11",
        "url": "https://www.ibm.com/support/pages/node/7185353"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:4005 vom 2025-04-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:4005"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7233394 vom 2025-05-14",
        "url": "https://www.ibm.com/support/pages/node/7233394"
      }
    ],
    "source_lang": "en-US",
    "title": "bzip2: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit den Rechten des Dienstes",
    "tracking": {
      "current_release_date": "2025-05-14T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-15T09:09:16.946+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-3141",
      "initial_release_date": "2019-06-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-06-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-06-26T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2019-07-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-07-23T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-07-29T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-08-06T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE und FreeBSD aufgenommen"
        },
        {
          "date": "2019-08-18T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-08-25T22:00:00.000+00:00",
          "number": "8",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-AABCB53EC6, FEDORA-2019-5C2DC50262"
        },
        {
          "date": "2019-09-08T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2019-10-17T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2019-11-13T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2021-06-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-12-12T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-05T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-06T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-04T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-27T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-29T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-02-03T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2025-02-05T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-06T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-11T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-13T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von BROCADE aufgenommen"
        },
        {
          "date": "2025-02-18T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-02-27T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-10T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-21T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-05-14T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "28"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Broadcom Brocade SANnav",
            "product": {
              "name": "Broadcom Brocade SANnav",
              "product_id": "T034392",
              "product_identification_helper": {
                "cpe": "cpe:/a:broadcom:brocade_sannav:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Broadcom"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "FreeBSD Project FreeBSD OS",
            "product": {
              "name": "FreeBSD Project FreeBSD OS",
              "product_id": "4035",
              "product_identification_helper": {
                "cpe": "cpe:/o:freebsd:freebsd:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.2.34",
                "product": {
                  "name": "IBM License Metric Tool \u003c9.2.34",
                  "product_id": "T031676"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.34",
                "product": {
                  "name": "IBM License Metric Tool 9.2.34",
                  "product_id": "T031676-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:license_metric_tool:9.2.34"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "License Metric Tool"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v10",
                "product": {
                  "name": "IBM Power Hardware Management Console v10",
                  "product_id": "T023373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:v10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Power Hardware Management Console"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP11 IF03",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF03",
                  "product_id": "T041724"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP11 IF03",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP11 IF03",
                  "product_id": "T041724-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if03"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP12",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP12",
                  "product_id": "T043784"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP12",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP12",
                  "product_id": "T043784-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.0.6",
                "product": {
                  "name": "Open Source bzip2 \u003c=1.0.6",
                  "product_id": "346900"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=1.0.6",
                "product": {
                  "name": "Open Source bzip2 \u003c=1.0.6",
                  "product_id": "346900-fixed"
                }
              },
              {
                "category": "product_name",
                "name": "Open Source bzip2",
                "product": {
                  "name": "Open Source bzip2",
                  "product_id": "T033959",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:bzip:bzip2:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "bzip2"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Service Interconnect 1",
                "product": {
                  "name": "Red Hat Enterprise Linux Service Interconnect 1",
                  "product_id": "T028472",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:service_interconnect_1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.14.46",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.14.46",
                  "product_id": "T040823"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.14.46",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.14.46",
                  "product_id": "T040823-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.46"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.15.45",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.15.45",
                  "product_id": "T041112"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.15.45",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.15.45",
                  "product_id": "T041112-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.45"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12900",
      "product_status": {
        "known_affected": [
          "T031676",
          "T028472",
          "67646",
          "4035",
          "T040823",
          "T041724",
          "T004914",
          "T043784",
          "T002207",
          "T034392",
          "T000126",
          "398363",
          "T033959",
          "T023373",
          "T041112"
        ],
        "last_affected": [
          "346900"
        ]
      },
      "release_date": "2019-06-23T22:00:00.000+00:00",
      "title": "CVE-2019-12900"
    }
  ]
}

WID-SEC-W-2024-3684

Vulnerability from csaf_certbund - Published: 2024-12-11 23:00 - Updated: 2024-12-11 23:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuführen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2019-12900

Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Pufferüberlauf oder einer unzulässigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2020-8908

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2021-22569

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2022-3171

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2022-40152

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2022-41881

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2022-41915

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-2976

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-31582

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-33546

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-34453

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-34454

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-34455

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-34462

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-35116

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-36478

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-43642

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2023-44487

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-10041

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-10963

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-23454

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-3596

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-45491

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-51504

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-52316

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-52317

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

CVE-2024-52318

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP10 IF02 IBM / QRadar SIEM		<7.5.0 UP10 IF02

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7178556	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3684 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3684.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3684 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3684"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-12-11",
        "url": "https://www.ibm.com/support/pages/node/7178556"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-12T09:36:59.736+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3684",
      "initial_release_date": "2024-12-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP10 IF02",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF02",
                  "product_id": "T039813"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP10 IF02",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP10 IF02",
                  "product_id": "T039813-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if02"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12900",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2019-12900"
    },
    {
      "cve": "CVE-2020-8908",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2020-8908"
    },
    {
      "cve": "CVE-2021-22569",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2021-22569"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-41881",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-41915",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2022-41915"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-31582",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-31582"
    },
    {
      "cve": "CVE-2023-33546",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-33546"
    },
    {
      "cve": "CVE-2023-34453",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-34453"
    },
    {
      "cve": "CVE-2023-34454",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-34454"
    },
    {
      "cve": "CVE-2023-34455",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-34455"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2023-35116",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-36478",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-36478"
    },
    {
      "cve": "CVE-2023-43642",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2024-10041",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-10041"
    },
    {
      "cve": "CVE-2024-10963",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-10963"
    },
    {
      "cve": "CVE-2024-23454",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-23454"
    },
    {
      "cve": "CVE-2024-3596",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2024-45491",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-45491"
    },
    {
      "cve": "CVE-2024-51504",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-51504"
    },
    {
      "cve": "CVE-2024-52316",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-52316"
    },
    {
      "cve": "CVE-2024-52317",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-52317"
    },
    {
      "cve": "CVE-2024-52318",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Puffer\u00fcberlauf oder einer unzul\u00e4ssigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039813"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-52318"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-12900 (GCVE-0-2019-12900)

SUSE-SU-2020:3729-1

SUSE-SU-2020:3790-1

SUSE-SU-2020:3918-1

WID-SEC-W-2023-1614

WID-SEC-W-2023-3141

WID-SEC-W-2024-3684

Tags

Sightings

Nomenclature