Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-41720
Vulnerability from cvelistv5
Published
2022-12-07 16:11
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@golang.org | https://go.dev/cl/455716 | Patch, Vendor Advisory | |
| security@golang.org | https://go.dev/issue/56694 | Issue Tracking, Vendor Advisory | |
| security@golang.org | https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ | Patch, Release Notes, Third Party Advisory | |
| security@golang.org | https://pkg.go.dev/vuln/GO-2022-1143 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://go.dev/cl/455716 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://go.dev/issue/56694 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pkg.go.dev/vuln/GO-2022-1143 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Go standard library | os |
Version: 0 ≤ Version: 1.19.0-0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.510Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/56694", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/455716", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2022-1143", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "os", platforms: [ "windows", ], product: "os", programRoutines: [ { name: "dirFS.Open", }, { name: "dirFS.Stat", }, { name: "DirFS", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.18.9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.19.4", status: "affected", version: "1.19.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "net/http", platforms: [ "windows", ], product: "net/http", programRoutines: [ { name: "Dir.Open", }, { name: "ServeFile", }, { name: "fileHandler.ServeHTTP", }, { name: "fileTransport.RoundTrip", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.18.9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.19.4", status: "affected", version: "1.19.0-0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", }, ], problemTypes: [ { descriptions: [ { description: "CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-12T19:05:39.487Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/56694", }, { url: "https://go.dev/cl/455716", }, { url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { url: "https://pkg.go.dev/vuln/GO-2022-1143", }, ], title: "Restricted file access on Windows in os and net/http", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2022-41720", datePublished: "2022-12-07T16:11:18.867Z", dateReserved: "2022-09-28T17:00:06.609Z", dateUpdated: "2024-08-03T12:49:43.510Z", requesterUserId: "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-41720\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2022-12-07T17:15:10.293\",\"lastModified\":\"2024-11-21T07:23:44.050\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\\\"C:/tmp\\\").Open(\\\"COM1\\\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\\\"\\\") has changed. Previously, an empty root was treated equivalently to \\\"/\\\", so os.DirFS(\\\"\\\").Open(\\\"tmp\\\") would open the path \\\"/tmp\\\". This now returns an error.\"},{\"lang\":\"es\",\"value\":\"En Windows, se puede acceder a archivos restringidos a través de os.DirFS y http.Dir. La función os.DirFS y el tipo http.Dir brindan acceso a un árbol de archivos ubicados en un directorio determinado. Estas funciones permiten el acceso a archivos de dispositivos Windows bajo esa raíz. Por ejemplo, os.DirFS(\\\"C:/tmp\\\").Open(\\\"COM1\\\") abre el dispositivo COM1. Tanto os.DirFS como http.Dir solo brindan acceso al sistema de archivos de solo lectura. Además, en Windows, un os.DirFS para el directorio (la raíz de la unidad actual) puede permitir que una ruta creada con fines malintencionados escape de la unidad y acceda a cualquier ruta del sistema. Con la corrección aplicada, el comportamiento de os.DirFS(\\\"\\\") ha cambiado. Anteriormente, una raíz vacía se trataba de manera equivalente a \\\"/\\\", por lo que os.DirFS(\\\"\\\").Open(\\\"tmp\\\") abriría la ruta \\\"/tmp\\\". Esto ahora devuelve un error.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.9\",\"matchCriteriaId\":\"E0CD51B1-029E-442F-BE6A-772F4754D240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.4\",\"matchCriteriaId\":\"B6AEBFD1-DEE2-40E0-B65C-8C7885014797\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/455716\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/56694\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2022-1143\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/455716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/56694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2022-1143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}", }, }
suse-su-2023:2312-1
Vulnerability from csaf_suse
Published
2023-05-30 06:54
Modified
2023-05-30 06:54
Summary
Security update for go1.18-openssl
Notes
Title of the patch
Security update for go1.18-openssl
Description of the patch
This update for go1.18-openssl fixes the following issues:
- Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962)
* Main go1.x package included libstd.so in previous versions
* Split libstd.so into subpackage that can be installed standalone
* Continues the slimming down of main go1.x package by 40 Mb
* Experimental and not recommended for general use, Go currently has no ABI
* Upstream Go has not committed to support buildmode=shared long-term
* Do not use in packaging, build static single binaries (the default)
* Upstream Go go1.x binary releases do not include libstd.so
* go1.x Suggests go1.x-libstd so not installed by default Recommends
* go1.x-libstd does not Require: go1.x so can install standalone
* Provides go-libstd unversioned package name
* Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
* go1.x Suggests go1.x-doc so not installed by default Recommends
* Use Group: Development/Languages/Go instead of Other
- Improvements to go1.x packaging spec:
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
using go1.x package (%bcond_without gccgo). This is no longer
needed on current SLE-12:Update and removing will consolidate
the build configurations used.
* Change source URLs to go.dev as per Go upstream
* On x86_64 export GOAMD64=v1 as per the current baseline.
At this time forgo GOAMD64=v3 option for x86_64_v3 support.
* On x86_64 %define go_amd64=v1 as current instruction baseline
- Update to version 1.18.10.1 cut from the go1.18-openssl-fips
branch at the revision tagged go1.18.10-1-openssl-fips.
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
* Merge go1.18.10 into dev.boringcrypto.go1.18
- go1.18.10 (released 2023-01-10) includes fixes to cgo, the
compiler, the linker, and the crypto/x509, net/http, and syscall
packages.
Refs bsc#1193742 go1.18 release tracking
* go#57705 misc/cgo: backport needed for dlltool fix
* go#57426 crypto/x509: Verify on macOS does not return typed errors
* go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument.
* go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
* go#57213 os: TestLstat failure on Linux Aarch64
* go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
* go#57057 cmd/go: remove test dependency on gopkg.in service
* go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
* go#57044 cgo: malformed DWARF TagVariable entry
* go#57028 cmd/cgo: Wrong types in compiler errors with clang 14
* go#56833 cmd/link/internal/ppc64: too-far trampoline is reused
* go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
* go#56323 net/http: bad handling of HEAD requests with a body
Patchnames
SUSE-2023-2312,SUSE-SLE-Module-Development-Tools-15-SP4-2023-2312,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2312,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2312,SUSE-SLE-Product-RT-15-SP3-2023-2312,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2312,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2312,SUSE-Storage-7.1-2023-2312,openSUSE-SLE-15.4-2023-2312,openSUSE-SLE-15.5-2023-2312
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.18-openssl", title: "Title of the patch", }, { category: "description", text: "This update for go1.18-openssl fixes the following issues:\n\n- Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962)\n * Main go1.x package included libstd.so in previous versions\n * Split libstd.so into subpackage that can be installed standalone\n * Continues the slimming down of main go1.x package by 40 Mb\n * Experimental and not recommended for general use, Go currently has no ABI\n * Upstream Go has not committed to support buildmode=shared long-term\n * Do not use in packaging, build static single binaries (the default)\n * Upstream Go go1.x binary releases do not include libstd.so\n * go1.x Suggests go1.x-libstd so not installed by default Recommends\n * go1.x-libstd does not Require: go1.x so can install standalone\n * Provides go-libstd unversioned package name\n * Fix build step -buildmode=shared std to omit -linkshared\n- Packaging improvements:\n * go1.x Suggests go1.x-doc so not installed by default Recommends\n * Use Group: Development/Languages/Go instead of Other\n\n- Improvements to go1.x packaging spec:\n * On Tumbleweed bootstrap with current default gcc13 and gccgo118\n * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap\n using go1.x package (%bcond_without gccgo). This is no longer\n needed on current SLE-12:Update and removing will consolidate\n the build configurations used.\n * Change source URLs to go.dev as per Go upstream\n * On x86_64 export GOAMD64=v1 as per the current baseline.\n At this time forgo GOAMD64=v3 option for x86_64_v3 support.\n * On x86_64 %define go_amd64=v1 as current instruction baseline\n\n- Update to version 1.18.10.1 cut from the go1.18-openssl-fips\n branch at the revision tagged go1.18.10-1-openssl-fips.\n * Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips\n * Merge go1.18.10 into dev.boringcrypto.go1.18\n\n- go1.18.10 (released 2023-01-10) includes fixes to cgo, the\n compiler, the linker, and the crypto/x509, net/http, and syscall\n packages.\n Refs bsc#1193742 go1.18 release tracking\n * go#57705 misc/cgo: backport needed for dlltool fix\n * go#57426 crypto/x509: Verify on macOS does not return typed errors\n * go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument.\n * go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices\n * go#57213 os: TestLstat failure on Linux Aarch64\n * go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length\n * go#57057 cmd/go: remove test dependency on gopkg.in service\n * go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders\n * go#57044 cgo: malformed DWARF TagVariable entry\n * go#57028 cmd/cgo: Wrong types in compiler errors with clang 14\n * go#56833 cmd/link/internal/ppc64: too-far trampoline is reused\n * go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target\n * go#56323 net/http: bad handling of HEAD requests with a body\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-2312,SUSE-SLE-Module-Development-Tools-15-SP4-2023-2312,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2312,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2312,SUSE-SLE-Product-RT-15-SP3-2023-2312,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2312,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2312,SUSE-Storage-7.1-2023-2312,openSUSE-SLE-15.4-2023-2312,openSUSE-SLE-15.5-2023-2312", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2312-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:2312-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20232312-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:2312-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-May/015005.html", }, { category: "self", summary: "SUSE Bug 1183043", url: "https://bugzilla.suse.com/1183043", }, { category: "self", summary: "SUSE Bug 1193742", url: "https://bugzilla.suse.com/1193742", }, { category: "self", summary: "SUSE Bug 1198423", url: "https://bugzilla.suse.com/1198423", }, { category: "self", summary: "SUSE Bug 1198424", url: "https://bugzilla.suse.com/1198424", }, { category: "self", summary: "SUSE Bug 1198427", url: "https://bugzilla.suse.com/1198427", }, { category: "self", summary: "SUSE Bug 1199413", url: "https://bugzilla.suse.com/1199413", }, { category: "self", summary: "SUSE Bug 1200134", url: "https://bugzilla.suse.com/1200134", }, { category: "self", summary: "SUSE Bug 1200135", url: "https://bugzilla.suse.com/1200135", }, { category: "self", summary: "SUSE Bug 1200136", url: "https://bugzilla.suse.com/1200136", }, { category: "self", summary: "SUSE Bug 1200137", url: "https://bugzilla.suse.com/1200137", }, { category: "self", summary: "SUSE Bug 1201434", url: "https://bugzilla.suse.com/1201434", }, { category: "self", summary: "SUSE Bug 1201436", url: "https://bugzilla.suse.com/1201436", }, { category: "self", summary: "SUSE Bug 1201437", url: "https://bugzilla.suse.com/1201437", }, { category: "self", summary: "SUSE Bug 1201440", url: "https://bugzilla.suse.com/1201440", }, { category: "self", summary: "SUSE Bug 1201443", url: "https://bugzilla.suse.com/1201443", }, { category: "self", summary: "SUSE Bug 1201444", url: "https://bugzilla.suse.com/1201444", }, { category: "self", summary: "SUSE Bug 1201445", url: "https://bugzilla.suse.com/1201445", }, { category: "self", summary: "SUSE Bug 1201447", url: "https://bugzilla.suse.com/1201447", }, { category: "self", summary: "SUSE Bug 1201448", url: "https://bugzilla.suse.com/1201448", }, { category: "self", summary: "SUSE Bug 1202035", url: "https://bugzilla.suse.com/1202035", }, { category: "self", summary: "SUSE Bug 1203185", url: "https://bugzilla.suse.com/1203185", }, { category: "self", summary: "SUSE Bug 1204023", url: "https://bugzilla.suse.com/1204023", }, { category: "self", summary: "SUSE Bug 1204024", url: "https://bugzilla.suse.com/1204024", }, { category: "self", summary: "SUSE Bug 1204025", url: "https://bugzilla.suse.com/1204025", }, { category: "self", summary: "SUSE Bug 1204941", url: "https://bugzilla.suse.com/1204941", }, { category: "self", summary: "SUSE Bug 1206134", url: "https://bugzilla.suse.com/1206134", }, { category: "self", summary: "SUSE Bug 1206135", url: "https://bugzilla.suse.com/1206135", }, { category: "self", summary: "SUSE Bug 1208270", url: "https://bugzilla.suse.com/1208270", }, { category: "self", summary: "SUSE Bug 1208271", url: "https://bugzilla.suse.com/1208271", }, { category: "self", summary: "SUSE Bug 1208272", url: "https://bugzilla.suse.com/1208272", }, { category: "self", summary: "SUSE Bug 1208491", url: "https://bugzilla.suse.com/1208491", }, { category: "self", summary: "SUSE CVE CVE-2022-1705 page", url: "https://www.suse.com/security/cve/CVE-2022-1705/", }, { category: "self", summary: "SUSE CVE CVE-2022-1962 page", url: "https://www.suse.com/security/cve/CVE-2022-1962/", }, { category: "self", summary: "SUSE CVE CVE-2022-24675 page", url: "https://www.suse.com/security/cve/CVE-2022-24675/", }, { category: "self", summary: "SUSE CVE CVE-2022-27536 page", url: "https://www.suse.com/security/cve/CVE-2022-27536/", }, { category: "self", summary: "SUSE CVE CVE-2022-27664 page", url: "https://www.suse.com/security/cve/CVE-2022-27664/", }, { category: "self", summary: "SUSE CVE CVE-2022-28131 page", url: "https://www.suse.com/security/cve/CVE-2022-28131/", }, { category: "self", summary: "SUSE CVE CVE-2022-28327 page", url: "https://www.suse.com/security/cve/CVE-2022-28327/", }, { category: "self", summary: "SUSE CVE CVE-2022-2879 page", url: "https://www.suse.com/security/cve/CVE-2022-2879/", }, { category: "self", summary: "SUSE CVE CVE-2022-2880 page", url: "https://www.suse.com/security/cve/CVE-2022-2880/", }, { category: "self", summary: "SUSE CVE CVE-2022-29526 page", url: "https://www.suse.com/security/cve/CVE-2022-29526/", }, { category: "self", summary: "SUSE CVE CVE-2022-29804 page", url: "https://www.suse.com/security/cve/CVE-2022-29804/", }, { category: "self", summary: "SUSE CVE CVE-2022-30580 page", url: "https://www.suse.com/security/cve/CVE-2022-30580/", }, { category: "self", summary: "SUSE CVE CVE-2022-30629 page", url: "https://www.suse.com/security/cve/CVE-2022-30629/", }, { category: "self", summary: "SUSE CVE CVE-2022-30630 page", url: "https://www.suse.com/security/cve/CVE-2022-30630/", }, { category: "self", summary: "SUSE CVE CVE-2022-30631 page", url: "https://www.suse.com/security/cve/CVE-2022-30631/", }, { category: "self", summary: "SUSE CVE CVE-2022-30632 page", url: "https://www.suse.com/security/cve/CVE-2022-30632/", }, { category: "self", summary: "SUSE CVE CVE-2022-30633 page", url: "https://www.suse.com/security/cve/CVE-2022-30633/", }, { category: "self", summary: "SUSE CVE CVE-2022-30634 page", url: "https://www.suse.com/security/cve/CVE-2022-30634/", }, { category: "self", summary: "SUSE CVE CVE-2022-30635 page", url: "https://www.suse.com/security/cve/CVE-2022-30635/", }, { category: "self", summary: "SUSE CVE CVE-2022-32148 page", url: "https://www.suse.com/security/cve/CVE-2022-32148/", }, { category: "self", summary: "SUSE CVE CVE-2022-32189 page", url: "https://www.suse.com/security/cve/CVE-2022-32189/", }, { category: "self", summary: "SUSE CVE CVE-2022-41715 page", url: "https://www.suse.com/security/cve/CVE-2022-41715/", }, { category: "self", summary: "SUSE CVE CVE-2022-41716 page", url: "https://www.suse.com/security/cve/CVE-2022-41716/", }, { category: "self", summary: "SUSE CVE CVE-2022-41717 page", url: "https://www.suse.com/security/cve/CVE-2022-41717/", }, { category: "self", summary: "SUSE CVE CVE-2022-41720 page", url: "https://www.suse.com/security/cve/CVE-2022-41720/", }, { category: "self", summary: "SUSE CVE CVE-2022-41723 page", url: "https://www.suse.com/security/cve/CVE-2022-41723/", }, { category: "self", summary: "SUSE CVE CVE-2022-41724 page", url: "https://www.suse.com/security/cve/CVE-2022-41724/", }, { category: "self", summary: "SUSE CVE CVE-2022-41725 page", url: "https://www.suse.com/security/cve/CVE-2022-41725/", }, ], title: "Security update for go1.18-openssl", tracking: { current_release_date: "2023-05-30T06:54:51Z", generator: { date: "2023-05-30T06:54:51Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:2312-1", initial_release_date: "2023-05-30T06:54:51Z", revision_history: [ { date: "2023-05-30T06:54:51Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", product: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", product_id: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, }, { category: "product_version", name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", product: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", product_id: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, }, { category: "product_version", name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", product: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", product_id: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.18-openssl-1.18.10.1-150000.1.9.1.i586", product: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.i586", product_id: "go1.18-openssl-1.18.10.1-150000.1.9.1.i586", }, }, { category: "product_version", name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.i586", product: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.i586", product_id: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", product: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", product_id: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", }, }, { category: "product_version", name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", product: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", product_id: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", product: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", product_id: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", }, }, { category: "product_version", name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", product: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", product_id: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", product: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", product_id: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, }, { category: "product_version", name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", product: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", product_id: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, }, { category: "product_version", name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", product: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", product_id: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Real Time 15 SP3", product: { name: "SUSE Linux Enterprise Real Time 15 SP3", product_id: "SUSE Linux Enterprise Real Time 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle_rt:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp3", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7.1", product: { name: "SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1", product_identification_helper: { cpe: "cpe:/o:suse:ses:7.1", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP3", product_id: "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP3", product_id: "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP3", product_id: "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", }, product_reference: "go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1705", }, ], notes: [ { category: "general", text: "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1705", url: "https://www.suse.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "SUSE Bug 1201434 for CVE-2022-1705", url: "https://bugzilla.suse.com/1201434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-1705", }, { cve: "CVE-2022-1962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1962", }, ], notes: [ { category: "general", text: "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1962", url: "https://www.suse.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "SUSE Bug 1201448 for CVE-2022-1962", url: "https://bugzilla.suse.com/1201448", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-1962", }, { cve: "CVE-2022-24675", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24675", }, ], notes: [ { category: "general", text: "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24675", url: "https://www.suse.com/security/cve/CVE-2022-24675", }, { category: "external", summary: "SUSE Bug 1198423 for CVE-2022-24675", url: "https://bugzilla.suse.com/1198423", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-24675", }, { cve: "CVE-2022-27536", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27536", }, ], notes: [ { category: "general", text: "Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-27536", url: "https://www.suse.com/security/cve/CVE-2022-27536", }, { category: "external", summary: "SUSE Bug 1198427 for CVE-2022-27536", url: "https://bugzilla.suse.com/1198427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-27536", }, { cve: "CVE-2022-27664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27664", }, ], notes: [ { category: "general", text: "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-27664", url: "https://www.suse.com/security/cve/CVE-2022-27664", }, { category: "external", summary: "SUSE Bug 1203185 for CVE-2022-27664", url: "https://bugzilla.suse.com/1203185", }, { category: "external", summary: "SUSE Bug 1203293 for CVE-2022-27664", url: "https://bugzilla.suse.com/1203293", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "important", }, ], title: "CVE-2022-27664", }, { cve: "CVE-2022-28131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28131", }, ], notes: [ { category: "general", text: "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28131", url: "https://www.suse.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "SUSE Bug 1201443 for CVE-2022-28131", url: "https://bugzilla.suse.com/1201443", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-28131", }, { cve: "CVE-2022-28327", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28327", }, ], notes: [ { category: "general", text: "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28327", url: "https://www.suse.com/security/cve/CVE-2022-28327", }, { category: "external", summary: "SUSE Bug 1198424 for CVE-2022-28327", url: "https://bugzilla.suse.com/1198424", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-28327", }, { cve: "CVE-2022-2879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2879", }, ], notes: [ { category: "general", text: "Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2879", url: "https://www.suse.com/security/cve/CVE-2022-2879", }, { category: "external", summary: "SUSE Bug 1204024 for CVE-2022-2879", url: "https://bugzilla.suse.com/1204024", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "important", }, ], title: "CVE-2022-2879", }, { cve: "CVE-2022-2880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2880", }, ], notes: [ { category: "general", text: "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2880", url: "https://www.suse.com/security/cve/CVE-2022-2880", }, { category: "external", summary: "SUSE Bug 1204025 for CVE-2022-2880", url: "https://bugzilla.suse.com/1204025", }, { category: "external", summary: "SUSE Bug 1204076 for CVE-2022-2880", url: "https://bugzilla.suse.com/1204076", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "important", }, ], title: "CVE-2022-2880", }, { cve: "CVE-2022-29526", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29526", }, ], notes: [ { category: "general", text: "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29526", url: "https://www.suse.com/security/cve/CVE-2022-29526", }, { category: "external", summary: "SUSE Bug 1199413 for CVE-2022-29526", url: "https://bugzilla.suse.com/1199413", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-29526", }, { cve: "CVE-2022-29804", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29804", }, ], notes: [ { category: "general", text: "Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29804", url: "https://www.suse.com/security/cve/CVE-2022-29804", }, { category: "external", summary: "SUSE Bug 1200137 for CVE-2022-29804", url: "https://bugzilla.suse.com/1200137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-29804", }, { cve: "CVE-2022-30580", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30580", }, ], notes: [ { category: "general", text: "Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either \"..com\" or \"..exe\" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30580", url: "https://www.suse.com/security/cve/CVE-2022-30580", }, { category: "external", summary: "SUSE Bug 1200136 for CVE-2022-30580", url: "https://bugzilla.suse.com/1200136", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-30580", }, { cve: "CVE-2022-30629", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30629", }, ], notes: [ { category: "general", text: "Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30629", url: "https://www.suse.com/security/cve/CVE-2022-30629", }, { category: "external", summary: "SUSE Bug 1200135 for CVE-2022-30629", url: "https://bugzilla.suse.com/1200135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "low", }, ], title: "CVE-2022-30629", }, { cve: "CVE-2022-30630", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30630", }, ], notes: [ { category: "general", text: "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30630", url: "https://www.suse.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "SUSE Bug 1201447 for CVE-2022-30630", url: "https://bugzilla.suse.com/1201447", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-30630", }, { cve: "CVE-2022-30631", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30631", }, ], notes: [ { category: "general", text: "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30631", url: "https://www.suse.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "SUSE Bug 1201437 for CVE-2022-30631", url: "https://bugzilla.suse.com/1201437", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-30631", }, { cve: "CVE-2022-30632", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30632", }, ], notes: [ { category: "general", text: "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30632", url: "https://www.suse.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "SUSE Bug 1201445 for CVE-2022-30632", url: "https://bugzilla.suse.com/1201445", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-30632", }, { cve: "CVE-2022-30633", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30633", }, ], notes: [ { category: "general", text: "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30633", url: "https://www.suse.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "SUSE Bug 1201440 for CVE-2022-30633", url: "https://bugzilla.suse.com/1201440", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-30633", }, { cve: "CVE-2022-30634", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30634", }, ], notes: [ { category: "general", text: "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30634", url: "https://www.suse.com/security/cve/CVE-2022-30634", }, { category: "external", summary: "SUSE Bug 1200134 for CVE-2022-30634", url: "https://bugzilla.suse.com/1200134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "low", }, ], title: "CVE-2022-30634", }, { cve: "CVE-2022-30635", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-30635", }, ], notes: [ { category: "general", text: "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-30635", url: "https://www.suse.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "SUSE Bug 1201444 for CVE-2022-30635", url: "https://bugzilla.suse.com/1201444", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-30635", }, { cve: "CVE-2022-32148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-32148", }, ], notes: [ { category: "general", text: "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-32148", url: "https://www.suse.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "SUSE Bug 1201436 for CVE-2022-32148", url: "https://bugzilla.suse.com/1201436", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-32148", }, { cve: "CVE-2022-32189", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-32189", }, ], notes: [ { category: "general", text: "A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-32189", url: "https://www.suse.com/security/cve/CVE-2022-32189", }, { category: "external", summary: "SUSE Bug 1202035 for CVE-2022-32189", url: "https://bugzilla.suse.com/1202035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-32189", }, { cve: "CVE-2022-41715", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41715", }, ], notes: [ { category: "general", text: "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41715", url: "https://www.suse.com/security/cve/CVE-2022-41715", }, { category: "external", summary: "SUSE Bug 1204023 for CVE-2022-41715", url: "https://bugzilla.suse.com/1204023", }, { category: "external", summary: "SUSE Bug 1208441 for CVE-2022-41715", url: "https://bugzilla.suse.com/1208441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-41715", }, { cve: "CVE-2022-41716", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41716", }, ], notes: [ { category: "general", text: "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41716", url: "https://www.suse.com/security/cve/CVE-2022-41716", }, { category: "external", summary: "SUSE Bug 1204941 for CVE-2022-41716", url: "https://bugzilla.suse.com/1204941", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "low", }, ], title: "CVE-2022-41716", }, { cve: "CVE-2022-41717", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41717", }, ], notes: [ { category: "general", text: "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41717", url: "https://www.suse.com/security/cve/CVE-2022-41717", }, { category: "external", summary: "SUSE Bug 1206135 for CVE-2022-41717", url: "https://bugzilla.suse.com/1206135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "important", }, ], title: "CVE-2022-41717", }, { cve: "CVE-2022-41720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41720", }, ], notes: [ { category: "general", text: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41720", url: "https://www.suse.com/security/cve/CVE-2022-41720", }, { category: "external", summary: "SUSE Bug 1206134 for CVE-2022-41720", url: "https://bugzilla.suse.com/1206134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "important", }, ], title: "CVE-2022-41720", }, { cve: "CVE-2022-41723", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41723", }, ], notes: [ { category: "general", text: "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41723", url: "https://www.suse.com/security/cve/CVE-2022-41723", }, { category: "external", summary: "SUSE Bug 1208270 for CVE-2022-41723", url: "https://bugzilla.suse.com/1208270", }, { category: "external", summary: "SUSE Bug 1215588 for CVE-2022-41723", url: "https://bugzilla.suse.com/1215588", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "important", }, ], title: "CVE-2022-41723", }, { cve: "CVE-2022-41724", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41724", }, ], notes: [ { category: "general", text: "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41724", url: "https://www.suse.com/security/cve/CVE-2022-41724", }, { category: "external", summary: "SUSE Bug 1208271 for CVE-2022-41724", url: "https://bugzilla.suse.com/1208271", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "important", }, ], title: "CVE-2022-41724", }, { cve: "CVE-2022-41725", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41725", }, ], notes: [ { category: "general", text: "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41725", url: "https://www.suse.com/security/cve/CVE-2022-41725", }, { category: "external", summary: "SUSE Bug 1208272 for CVE-2022-41725", url: "https://bugzilla.suse.com/1208272", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Enterprise Storage 7.1:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Real Time 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-05-30T06:54:51Z", details: "moderate", }, ], title: "CVE-2022-41725", }, ], }
suse-su-2023:0871-1
Vulnerability from csaf_suse
Published
2023-03-22 13:33
Modified
2023-03-22 13:33
Summary
Security update for container-suseconnect
Notes
Title of the patch
Security update for container-suseconnect
Description of the patch
This update of container-suseconnect fixes the following issue:
- container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7.
- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270).
- CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271).
- CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272).
- CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030).
- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).
Patchnames
SUSE-2023-871,SUSE-SLE-Module-Containers-15-SP4-2023-871,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-871,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-871,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-871,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-871,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-871,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-871,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-871,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-871,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-871,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-871,SUSE-Storage-7-2023-871,SUSE-Storage-7.1-2023-871
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for container-suseconnect", title: "Title of the patch", }, { category: "description", text: "\nThis update of container-suseconnect fixes the following issue:\n\n- container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7.\n\n- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270).\n- CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271).\n- CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272).\n- CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030).\n\n- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-871,SUSE-SLE-Module-Containers-15-SP4-2023-871,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-871,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-871,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-871,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-871,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-871,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-871,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-871,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-871,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-871,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-871,SUSE-Storage-7-2023-871,SUSE-Storage-7.1-2023-871", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0871-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:0871-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20230871-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:0871-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014139.html", }, { category: "self", summary: "SUSE Bug 1200441", url: "https://bugzilla.suse.com/1200441", }, { category: "self", summary: "SUSE Bug 1206134", url: "https://bugzilla.suse.com/1206134", }, { category: "self", summary: "SUSE Bug 1208270", url: "https://bugzilla.suse.com/1208270", }, { category: "self", summary: "SUSE Bug 1208271", url: "https://bugzilla.suse.com/1208271", }, { category: "self", summary: "SUSE Bug 1208272", url: "https://bugzilla.suse.com/1208272", }, { category: "self", summary: "SUSE Bug 1209030", url: "https://bugzilla.suse.com/1209030", }, { category: "self", summary: "SUSE CVE CVE-2022-41720 page", url: "https://www.suse.com/security/cve/CVE-2022-41720/", }, { category: "self", summary: "SUSE CVE CVE-2022-41723 page", url: "https://www.suse.com/security/cve/CVE-2022-41723/", }, { category: "self", summary: "SUSE CVE CVE-2022-41724 page", url: "https://www.suse.com/security/cve/CVE-2022-41724/", }, { category: "self", summary: "SUSE CVE CVE-2022-41725 page", url: "https://www.suse.com/security/cve/CVE-2022-41725/", }, { category: "self", summary: "SUSE CVE CVE-2023-24532 page", url: "https://www.suse.com/security/cve/CVE-2023-24532/", }, ], title: "Security update for container-suseconnect", tracking: { current_release_date: "2023-03-22T13:33:28Z", generator: { date: "2023-03-22T13:33:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:0871-1", initial_release_date: "2023-03-22T13:33:28Z", revision_history: [ { date: "2023-03-22T13:33:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", product: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", product_id: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "container-suseconnect-2.4.0-150000.4.24.1.i586", product: { name: "container-suseconnect-2.4.0-150000.4.24.1.i586", product_id: "container-suseconnect-2.4.0-150000.4.24.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", product: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", product_id: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "container-suseconnect-2.4.0-150000.4.24.1.s390x", product: { name: "container-suseconnect-2.4.0-150000.4.24.1.s390x", product_id: "container-suseconnect-2.4.0-150000.4.24.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", product: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", product_id: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP4", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp3", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7", product: { name: "SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7", product_identification_helper: { cpe: "cpe:/o:suse:ses:7", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7.1", product: { name: "SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1", product_identification_helper: { cpe: "cpe:/o:suse:ses:7.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.aarch64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "container-suseconnect-2.4.0-150000.4.24.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", }, product_reference: "container-suseconnect-2.4.0-150000.4.24.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41720", }, ], notes: [ { category: "general", text: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41720", url: "https://www.suse.com/security/cve/CVE-2022-41720", }, { category: "external", summary: "SUSE Bug 1206134 for CVE-2022-41720", url: "https://bugzilla.suse.com/1206134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-03-22T13:33:28Z", details: "important", }, ], title: "CVE-2022-41720", }, { cve: "CVE-2022-41723", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41723", }, ], notes: [ { category: "general", text: "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41723", url: "https://www.suse.com/security/cve/CVE-2022-41723", }, { category: "external", summary: "SUSE Bug 1208270 for CVE-2022-41723", url: "https://bugzilla.suse.com/1208270", }, { category: "external", summary: "SUSE Bug 1215588 for CVE-2022-41723", url: "https://bugzilla.suse.com/1215588", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-03-22T13:33:28Z", details: "important", }, ], title: "CVE-2022-41723", }, { cve: "CVE-2022-41724", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41724", }, ], notes: [ { category: "general", text: "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41724", url: "https://www.suse.com/security/cve/CVE-2022-41724", }, { category: "external", summary: "SUSE Bug 1208271 for CVE-2022-41724", url: "https://bugzilla.suse.com/1208271", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-03-22T13:33:28Z", details: "important", }, ], title: "CVE-2022-41724", }, { cve: "CVE-2022-41725", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41725", }, ], notes: [ { category: "general", text: "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41725", url: "https://www.suse.com/security/cve/CVE-2022-41725", }, { category: "external", summary: "SUSE Bug 1208272 for CVE-2022-41725", url: "https://bugzilla.suse.com/1208272", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-03-22T13:33:28Z", details: "moderate", }, ], title: "CVE-2022-41725", }, { cve: "CVE-2023-24532", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-24532", }, ], notes: [ { category: "general", text: "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-24532", url: "https://www.suse.com/security/cve/CVE-2023-24532", }, { category: "external", summary: "SUSE Bug 1209030 for CVE-2023-24532", url: "https://bugzilla.suse.com/1209030", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7.1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Enterprise Storage 7:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:container-suseconnect-2.4.0-150000.4.24.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:container-suseconnect-2.4.0-150000.4.24.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-03-22T13:33:28Z", details: "important", }, ], title: "CVE-2023-24532", }, ], }
suse-su-2022:4397-1
Vulnerability from csaf_suse
Published
2022-12-09 14:59
Modified
2022-12-09 14:59
Summary
Security update for go1.19
Notes
Title of the patch
Security update for go1.19
Description of the patch
This update for go1.19 fixes the following issues:
Update to version 1.19.4, includes the following security fixes:
- CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135).
- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).
Patchnames
SUSE-2022-4397,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4397,SUSE-SLE-Module-Development-Tools-15-SP4-2022-4397,openSUSE-SLE-15.3-2022-4397,openSUSE-SLE-15.4-2022-4397
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.19", title: "Title of the patch", }, { category: "description", text: "This update for go1.19 fixes the following issues:\n\nUpdate to version 1.19.4, includes the following security fixes:\n\n- CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135).\n- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4397,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4397,SUSE-SLE-Module-Development-Tools-15-SP4-2022-4397,openSUSE-SLE-15.3-2022-4397,openSUSE-SLE-15.4-2022-4397", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4397-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4397-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224397-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4397-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013213.html", }, { category: "self", summary: "SUSE Bug 1200441", url: "https://bugzilla.suse.com/1200441", }, { category: "self", summary: "SUSE Bug 1206134", url: "https://bugzilla.suse.com/1206134", }, { category: "self", summary: "SUSE Bug 1206135", url: "https://bugzilla.suse.com/1206135", }, { category: "self", summary: "SUSE CVE CVE-2022-41717 page", url: "https://www.suse.com/security/cve/CVE-2022-41717/", }, { category: "self", summary: "SUSE CVE CVE-2022-41720 page", url: "https://www.suse.com/security/cve/CVE-2022-41720/", }, ], title: "Security update for go1.19", tracking: { current_release_date: "2022-12-09T14:59:31Z", generator: { date: "2022-12-09T14:59:31Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4397-1", initial_release_date: "2022-12-09T14:59:31Z", revision_history: [ { date: "2022-12-09T14:59:31Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.19-1.19.4-150000.1.18.1.aarch64", product: { name: "go1.19-1.19.4-150000.1.18.1.aarch64", product_id: "go1.19-1.19.4-150000.1.18.1.aarch64", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-150000.1.18.1.aarch64", product: { name: "go1.19-doc-1.19.4-150000.1.18.1.aarch64", product_id: "go1.19-doc-1.19.4-150000.1.18.1.aarch64", }, }, { category: "product_version", name: "go1.19-race-1.19.4-150000.1.18.1.aarch64", product: { name: "go1.19-race-1.19.4-150000.1.18.1.aarch64", product_id: "go1.19-race-1.19.4-150000.1.18.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.19-1.19.4-150000.1.18.1.i586", product: { name: "go1.19-1.19.4-150000.1.18.1.i586", product_id: "go1.19-1.19.4-150000.1.18.1.i586", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-150000.1.18.1.i586", product: { name: "go1.19-doc-1.19.4-150000.1.18.1.i586", product_id: "go1.19-doc-1.19.4-150000.1.18.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.19-1.19.4-150000.1.18.1.ppc64le", product: { name: "go1.19-1.19.4-150000.1.18.1.ppc64le", product_id: "go1.19-1.19.4-150000.1.18.1.ppc64le", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le", product: { name: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le", product_id: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le", }, }, { category: "product_version", name: "go1.19-race-1.19.4-150000.1.18.1.ppc64le", product: { name: "go1.19-race-1.19.4-150000.1.18.1.ppc64le", product_id: "go1.19-race-1.19.4-150000.1.18.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.19-1.19.4-150000.1.18.1.s390x", product: { name: "go1.19-1.19.4-150000.1.18.1.s390x", product_id: "go1.19-1.19.4-150000.1.18.1.s390x", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-150000.1.18.1.s390x", product: { name: "go1.19-doc-1.19.4-150000.1.18.1.s390x", product_id: "go1.19-doc-1.19.4-150000.1.18.1.s390x", }, }, { category: "product_version", name: "go1.19-race-1.19.4-150000.1.18.1.s390x", product: { name: "go1.19-race-1.19.4-150000.1.18.1.s390x", product_id: "go1.19-race-1.19.4-150000.1.18.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.19-1.19.4-150000.1.18.1.x86_64", product: { name: "go1.19-1.19.4-150000.1.18.1.x86_64", product_id: "go1.19-1.19.4-150000.1.18.1.x86_64", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-150000.1.18.1.x86_64", product: { name: "go1.19-doc-1.19.4-150000.1.18.1.x86_64", product_id: "go1.19-doc-1.19.4-150000.1.18.1.x86_64", }, }, { category: "product_version", name: "go1.19-race-1.19.4-150000.1.18.1.x86_64", product: { name: "go1.19-race-1.19.4-150000.1.18.1.x86_64", product_id: "go1.19-race-1.19.4-150000.1.18.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-150000.1.18.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.s390x", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-150000.1.18.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-doc-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.aarch64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-150000.1.18.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.x86_64", }, product_reference: "go1.19-race-1.19.4-150000.1.18.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41717", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41717", }, ], notes: [ { category: "general", text: "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41717", url: "https://www.suse.com/security/cve/CVE-2022-41717", }, { category: "external", summary: "SUSE Bug 1206135 for CVE-2022-41717", url: "https://bugzilla.suse.com/1206135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-12-09T14:59:31Z", details: "important", }, ], title: "CVE-2022-41717", }, { cve: "CVE-2022-41720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41720", }, ], notes: [ { category: "general", text: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41720", url: "https://www.suse.com/security/cve/CVE-2022-41720", }, { category: "external", summary: "SUSE Bug 1206134 for CVE-2022-41720", url: "https://bugzilla.suse.com/1206134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.3:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.3:go1.19-race-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.ppc64le", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.s390x", "openSUSE Leap 15.4:go1.19-doc-1.19.4-150000.1.18.1.x86_64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.aarch64", "openSUSE Leap 15.4:go1.19-race-1.19.4-150000.1.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-12-09T14:59:31Z", details: "important", }, ], title: "CVE-2022-41720", }, ], }
suse-su-2022:4398-1
Vulnerability from csaf_suse
Published
2022-12-09 14:59
Modified
2022-12-09 14:59
Summary
Security update for go1.18
Notes
Title of the patch
Security update for go1.18
Description of the patch
This update for go1.18 fixes the following issues:
Update to version 1.18.9, includes the following security fixes:
- CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135)
- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134)
Patchnames
SUSE-2022-4398,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4398,SUSE-SLE-Module-Development-Tools-15-SP4-2022-4398,openSUSE-SLE-15.3-2022-4398,openSUSE-SLE-15.4-2022-4398
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.18", title: "Title of the patch", }, { category: "description", text: "This update for go1.18 fixes the following issues:\n\nUpdate to version 1.18.9, includes the following security fixes:\n\n- CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135)\n- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4398,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4398,SUSE-SLE-Module-Development-Tools-15-SP4-2022-4398,openSUSE-SLE-15.3-2022-4398,openSUSE-SLE-15.4-2022-4398", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4398-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4398-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224398-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4398-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013214.html", }, { category: "self", summary: "SUSE Bug 1193742", url: "https://bugzilla.suse.com/1193742", }, { category: "self", summary: "SUSE Bug 1206134", url: "https://bugzilla.suse.com/1206134", }, { category: "self", summary: "SUSE Bug 1206135", url: "https://bugzilla.suse.com/1206135", }, { category: "self", summary: "SUSE CVE CVE-2022-41717 page", url: "https://www.suse.com/security/cve/CVE-2022-41717/", }, { category: "self", summary: "SUSE CVE CVE-2022-41720 page", url: "https://www.suse.com/security/cve/CVE-2022-41720/", }, ], title: "Security update for go1.18", tracking: { current_release_date: "2022-12-09T14:59:49Z", generator: { date: "2022-12-09T14:59:49Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4398-1", initial_release_date: "2022-12-09T14:59:49Z", revision_history: [ { date: "2022-12-09T14:59:49Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.18-1.18.9-150000.1.40.1.aarch64", product: { name: "go1.18-1.18.9-150000.1.40.1.aarch64", product_id: "go1.18-1.18.9-150000.1.40.1.aarch64", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-150000.1.40.1.aarch64", product: { name: "go1.18-doc-1.18.9-150000.1.40.1.aarch64", product_id: "go1.18-doc-1.18.9-150000.1.40.1.aarch64", }, }, { category: "product_version", name: "go1.18-race-1.18.9-150000.1.40.1.aarch64", product: { name: "go1.18-race-1.18.9-150000.1.40.1.aarch64", product_id: "go1.18-race-1.18.9-150000.1.40.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.18-1.18.9-150000.1.40.1.i586", product: { name: "go1.18-1.18.9-150000.1.40.1.i586", product_id: "go1.18-1.18.9-150000.1.40.1.i586", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-150000.1.40.1.i586", product: { name: "go1.18-doc-1.18.9-150000.1.40.1.i586", product_id: "go1.18-doc-1.18.9-150000.1.40.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.18-1.18.9-150000.1.40.1.ppc64le", product: { name: "go1.18-1.18.9-150000.1.40.1.ppc64le", product_id: "go1.18-1.18.9-150000.1.40.1.ppc64le", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le", product: { name: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le", product_id: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.18-1.18.9-150000.1.40.1.s390x", product: { name: "go1.18-1.18.9-150000.1.40.1.s390x", product_id: "go1.18-1.18.9-150000.1.40.1.s390x", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-150000.1.40.1.s390x", product: { name: "go1.18-doc-1.18.9-150000.1.40.1.s390x", product_id: "go1.18-doc-1.18.9-150000.1.40.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.18-1.18.9-150000.1.40.1.x86_64", product: { name: "go1.18-1.18.9-150000.1.40.1.x86_64", product_id: "go1.18-1.18.9-150000.1.40.1.x86_64", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-150000.1.40.1.x86_64", product: { name: "go1.18-doc-1.18.9-150000.1.40.1.x86_64", product_id: "go1.18-doc-1.18.9-150000.1.40.1.x86_64", }, }, { category: "product_version", name: "go1.18-race-1.18.9-150000.1.40.1.x86_64", product: { name: "go1.18-race-1.18.9-150000.1.40.1.x86_64", product_id: "go1.18-race-1.18.9-150000.1.40.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-150000.1.40.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.s390x", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-150000.1.40.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-doc-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.aarch64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-150000.1.40.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.x86_64", }, product_reference: "go1.18-race-1.18.9-150000.1.40.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41717", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41717", }, ], notes: [ { category: "general", text: "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41717", url: "https://www.suse.com/security/cve/CVE-2022-41717", }, { category: "external", summary: "SUSE Bug 1206135 for CVE-2022-41717", url: "https://bugzilla.suse.com/1206135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-12-09T14:59:49Z", details: "important", }, ], title: "CVE-2022-41717", }, { cve: "CVE-2022-41720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41720", }, ], notes: [ { category: "general", text: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41720", url: "https://www.suse.com/security/cve/CVE-2022-41720", }, { category: "external", summary: "SUSE Bug 1206134 for CVE-2022-41720", url: "https://bugzilla.suse.com/1206134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.3:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.3:go1.18-race-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.ppc64le", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.s390x", "openSUSE Leap 15.4:go1.18-doc-1.18.9-150000.1.40.1.x86_64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.aarch64", "openSUSE Leap 15.4:go1.18-race-1.18.9-150000.1.40.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-12-09T14:59:49Z", details: "important", }, ], title: "CVE-2022-41720", }, ], }
gsd-2022-41720
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-41720", id: "GSD-2022-41720", references: [ "https://www.suse.com/security/cve/CVE-2022-41720.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-41720", ], details: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", id: "GSD-2022-41720", modified: "2023-12-13T01:19:33.178757Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@golang.org", ID: "CVE-2022-41720", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "os", version: { version_data: [ { version_affected: "<", version_name: "0", version_value: "1.18.9", }, { version_affected: "<", version_name: "1.19.0-0", version_value: "1.19.4", }, ], }, }, { product_name: "net/http", version: { version_data: [ { version_affected: "<", version_name: "0", version_value: "1.18.9", }, { version_affected: "<", version_name: "1.19.0-0", version_value: "1.19.4", }, ], }, }, ], }, vendor_name: "Go standard library", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, ], }, ], }, references: { reference_data: [ { name: "https://go.dev/issue/56694", refsource: "MISC", url: "https://go.dev/issue/56694", }, { name: "https://go.dev/cl/455716", refsource: "MISC", url: "https://go.dev/cl/455716", }, { name: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", refsource: "MISC", url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { name: "https://pkg.go.dev/vuln/GO-2022-1143", refsource: "MISC", url: "https://pkg.go.dev/vuln/GO-2022-1143", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.19.4", versionStartIncluding: "1.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.18.9", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@golang.org", ID: "CVE-2022-41720", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", refsource: "MISC", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { name: "https://pkg.go.dev/vuln/GO-2022-1143", refsource: "MISC", tags: [ "Patch", "Vendor Advisory", ], url: "https://pkg.go.dev/vuln/GO-2022-1143", }, { name: "https://go.dev/cl/455716", refsource: "MISC", tags: [ "Patch", "Vendor Advisory", ], url: "https://go.dev/cl/455716", }, { name: "https://go.dev/issue/56694", refsource: "MISC", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://go.dev/issue/56694", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2022-12-12T14:58Z", publishedDate: "2022-12-07T17:15Z", }, }, }
wid-sec-w-2023-1350
Vulnerability from csaf_certbund
Published
2023-06-01 22:00
Modified
2024-02-15 23:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1350 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json", }, { category: "self", summary: "WID-SEC-2023-1350 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350", }, { category: "external", summary: "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01", url: "https://advisory.splunk.com/advisories/SVD-2023-0613", }, { category: "external", summary: "IBM Security Bulletin 7008449 vom 2023-06-29", url: "https://www.ibm.com/support/pages/node/7008449", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html", }, ], source_lang: "en-US", title: "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern", tracking: { current_release_date: "2024-02-15T23:00:00.000+00:00", generator: { date: "2024-08-15T17:51:43.161+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1350", initial_release_date: "2023-06-01T22:00:00.000+00:00", revision_history: [ { date: "2023-06-01T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-06-29T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-23T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-02-15T23:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM DB2", product: { name: "IBM DB2", product_id: "5104", product_identification_helper: { cpe: "cpe:/a:ibm:db2:-", }, }, }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_version_range", name: "< 8.1.14", product: { name: "Splunk Splunk Enterprise < 8.1.14", product_id: "T027935", }, }, { category: "product_version_range", name: "< 8.2.11", product: { name: "Splunk Splunk Enterprise < 8.2.11", product_id: "T027936", }, }, { category: "product_version_range", name: "< 9.0.5", product: { name: "Splunk Splunk Enterprise < 9.0.5", product_id: "T027937", }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, ], }, vulnerabilities: [ { cve: "CVE-2023-27538", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27537", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27537", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2022-46175", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-46175", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-4200", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-4200", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41715", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-41715", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-40023", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-40023", }, { cve: "CVE-2022-38900", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-38900", }, { cve: "CVE-2022-37616", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37616", }, { cve: "CVE-2022-37603", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37603", }, { cve: "CVE-2022-37601", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37601", }, { cve: "CVE-2022-37599", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37599", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-3517", }, { cve: "CVE-2022-33987", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-33987", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-32189", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32189", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-31129", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-30634", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30634", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-30115", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30115", }, { cve: "CVE-2022-29804", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-29804", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-2879", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-2879", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27780", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27780", }, { cve: "CVE-2022-27779", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27779", }, { cve: "CVE-2022-27778", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27778", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-27664", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27664", }, { cve: "CVE-2022-27191", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27191", }, { cve: "CVE-2022-25858", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-25858", }, { cve: "CVE-2022-24999", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-24999", }, { cve: "CVE-2022-24921", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-24921", }, { cve: "CVE-2022-24675", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-24675", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2021-43565", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-43565", }, { cve: "CVE-2021-3803", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-3803", }, { cve: "CVE-2021-36976", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-36976", }, { cve: "CVE-2021-3520", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-3520", }, { cve: "CVE-2021-33587", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-33587", }, { cve: "CVE-2021-33503", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-33503", }, { cve: "CVE-2021-33502", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-33502", }, { cve: "CVE-2021-31566", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-31566", }, { cve: "CVE-2021-29060", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-29060", }, { cve: "CVE-2021-27292", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-27292", }, { cve: "CVE-2021-23382", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-23382", }, { cve: "CVE-2021-23368", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-23368", }, { cve: "CVE-2021-23343", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-23343", }, { cve: "CVE-2021-22947", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22947", }, { cve: "CVE-2021-22946", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22946", }, { cve: "CVE-2021-22945", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22945", }, { cve: "CVE-2021-22926", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22926", }, { cve: "CVE-2021-22925", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22925", }, { cve: "CVE-2021-22924", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22924", }, { cve: "CVE-2021-22923", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22923", }, { cve: "CVE-2021-22922", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22922", }, { cve: "CVE-2021-22901", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22901", }, { cve: "CVE-2021-22898", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22898", }, { cve: "CVE-2021-22897", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22897", }, { cve: "CVE-2021-22890", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22890", }, { cve: "CVE-2021-22876", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22876", }, { cve: "CVE-2021-20095", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-20095", }, { cve: "CVE-2020-8286", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8286", }, { cve: "CVE-2020-8285", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8285", }, { cve: "CVE-2020-8284", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8284", }, { cve: "CVE-2020-8231", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8231", }, { cve: "CVE-2020-8203", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8203", }, { cve: "CVE-2020-8177", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8177", }, { cve: "CVE-2020-8169", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8169", }, { cve: "CVE-2020-8116", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8116", }, { cve: "CVE-2020-7774", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-7774", }, { cve: "CVE-2020-7753", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-7753", }, { cve: "CVE-2020-7662", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-7662", }, { cve: "CVE-2020-28469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-28469", }, { cve: "CVE-2020-15138", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-15138", }, { cve: "CVE-2020-13822", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-13822", }, { cve: "CVE-2019-20149", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2019-20149", }, { cve: "CVE-2019-10746", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2019-10746", }, { cve: "CVE-2019-10744", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2019-10744", }, { cve: "CVE-2018-25032", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2018-25032", }, { cve: "CVE-2017-16042", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2017-16042", }, ], }
wid-sec-w-2023-2229
Vulnerability from csaf_certbund
Published
2023-08-30 22:00
Modified
2024-08-12 22:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2229 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json", }, { category: "self", summary: "WID-SEC-2023-2229 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0801", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0802", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0803", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0804", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0805", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0806", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0807", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0808", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28", url: "https://linux.oracle.com/errata/ELSA-2024-2988.html", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02", url: "https://advisory.splunk.com/advisories/SVD-2024-0718", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12", url: "https://advisory.splunk.com//advisories/SVD-2024-0801", }, ], source_lang: "en-US", title: "Splunk Splunk Enterprise: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-12T22:00:00.000+00:00", generator: { date: "2024-08-15T17:57:53.670+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2229", initial_release_date: "2023-08-30T22:00:00.000+00:00", revision_history: [ { date: "2023-08-30T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-01-23T23:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-07-01T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-08-12T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Splunk-SVD aufgenommen", }, ], status: "final", version: "5", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_name", name: "Splunk Splunk Enterprise", product: { name: "Splunk Splunk Enterprise", product_id: "T008911", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:-", }, }, }, { category: "product_version_range", name: "<9.1.1", product: { name: "Splunk Splunk Enterprise <9.1.1", product_id: "T029634", }, }, { category: "product_version_range", name: "<9.0.6", product: { name: "Splunk Splunk Enterprise <9.0.6", product_id: "T029635", }, }, { category: "product_version_range", name: "<8.2.12", product: { name: "Splunk Splunk Enterprise <8.2.12", product_id: "T029636", }, }, { category: "product_version_range", name: "<9.2.1", product: { name: "Splunk Splunk Enterprise <9.2.1", product_id: "T033705", }, }, { category: "product_version_range", name: "<9.1.4", product: { name: "Splunk Splunk Enterprise <9.1.4", product_id: "T033718", }, }, { category: "product_version_range", name: "<9.0.9", product: { name: "Splunk Splunk Enterprise <9.0.9", product_id: "T033720", }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, ], }, vulnerabilities: [ { cve: "CVE-2013-7489", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2013-7489", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-20225", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2018-20225", }, { cve: "CVE-2019-20454", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2019-20454", }, { cve: "CVE-2019-20838", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2019-20838", }, { cve: "CVE-2020-14155", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-14155", }, { cve: "CVE-2020-28469", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-28469", }, { cve: "CVE-2020-28851", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-28851", }, { cve: "CVE-2020-29652", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-29652", }, { cve: "CVE-2020-8169", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8169", }, { cve: "CVE-2020-8177", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8177", }, { cve: "CVE-2020-8231", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8231", }, { cve: "CVE-2020-8284", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8284", }, { cve: "CVE-2020-8285", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8285", }, { cve: "CVE-2020-8286", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8286", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2021-20066", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-20066", }, { cve: "CVE-2021-22569", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22569", }, { cve: "CVE-2021-22876", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22876", }, { cve: "CVE-2021-22890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22890", }, { cve: "CVE-2021-22897", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22897", }, { cve: "CVE-2021-22898", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22898", }, { cve: "CVE-2021-22901", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22901", }, { cve: "CVE-2021-22922", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22922", }, { cve: "CVE-2021-22923", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22923", }, { cve: "CVE-2021-22924", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22924", }, { cve: "CVE-2021-22925", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22925", }, { cve: "CVE-2021-22926", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22926", }, { cve: "CVE-2021-22945", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22945", }, { cve: "CVE-2021-22946", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22946", }, { cve: "CVE-2021-22947", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22947", }, { cve: "CVE-2021-23343", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-23343", }, { cve: "CVE-2021-23382", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-23382", }, { cve: "CVE-2021-27918", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-27918", }, { cve: "CVE-2021-27919", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-27919", }, { cve: "CVE-2021-29060", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-29060", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-29923", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-29923", }, { cve: "CVE-2021-31525", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-31525", }, { cve: "CVE-2021-31566", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-31566", }, { cve: "CVE-2021-33194", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33194", }, { cve: "CVE-2021-33195", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33195", }, { cve: "CVE-2021-33196", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33196", }, { cve: "CVE-2021-33197", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33197", }, { cve: "CVE-2021-33198", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33198", }, { cve: "CVE-2021-34558", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-34558", }, { cve: "CVE-2021-3520", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-3520", }, { cve: "CVE-2021-3572", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-3572", }, { cve: "CVE-2021-36221", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-36221", }, { cve: "CVE-2021-36976", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-36976", }, { cve: "CVE-2021-3803", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-3803", }, { cve: "CVE-2021-38297", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-38297", }, { cve: "CVE-2021-38561", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-38561", }, { cve: "CVE-2021-39293", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-39293", }, { cve: "CVE-2021-41182", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41182", }, { cve: "CVE-2021-41183", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41183", }, { cve: "CVE-2021-41184", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41184", }, { cve: "CVE-2021-41771", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41771", }, { cve: "CVE-2021-41772", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41772", }, { cve: "CVE-2021-43565", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-43565", }, { cve: "CVE-2021-44716", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-44716", }, { cve: "CVE-2021-44717", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-44717", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1941", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-1941", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2022-2309", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-2309", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-24675", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-24675", }, { cve: "CVE-2022-24921", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-24921", }, { cve: "CVE-2022-24999", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-24999", }, { cve: "CVE-2022-25881", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-25881", }, { cve: "CVE-2022-27191", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27191", }, { cve: "CVE-2022-27536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27536", }, { cve: "CVE-2022-27664", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27664", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27778", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27778", }, { cve: "CVE-2022-27779", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27779", }, { cve: "CVE-2022-27780", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27780", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-2879", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-2879", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-29804", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-29804", }, { cve: "CVE-2022-30115", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30115", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30634", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30634", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-31129", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-32149", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32149", }, { cve: "CVE-2022-32189", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32189", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-33987", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-33987", }, { cve: "CVE-2022-3509", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3509", }, { cve: "CVE-2022-3510", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3510", }, { cve: "CVE-2022-3517", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3517", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-37599", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-37599", }, { cve: "CVE-2022-37601", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-37601", }, { cve: "CVE-2022-37603", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-37603", }, { cve: "CVE-2022-38900", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-38900", }, { cve: "CVE-2022-40023", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-40023", }, { cve: "CVE-2022-40897", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-40897", }, { cve: "CVE-2022-40899", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-40899", }, { cve: "CVE-2022-41715", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41715", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-41722", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41722", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-46175", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-46175", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-24539", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-24539", }, { cve: "CVE-2023-24540", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-24540", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27537", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27537", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-29400", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29400", }, { cve: "CVE-2023-29402", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29402", }, { cve: "CVE-2023-29403", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29403", }, { cve: "CVE-2023-29404", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29404", }, { cve: "CVE-2023-29405", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29405", }, { cve: "CVE-2023-40592", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40592", }, { cve: "CVE-2023-40593", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40593", }, { cve: "CVE-2023-40594", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40594", }, { cve: "CVE-2023-40595", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40595", }, { cve: "CVE-2023-40596", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40596", }, { cve: "CVE-2023-40597", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40597", }, { cve: "CVE-2023-40598", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40598", }, ], }
WID-SEC-W-2023-2031
Vulnerability from csaf_certbund
Published
2023-08-09 22:00
Modified
2024-08-08 22:00
Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2031 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2031.json", }, { category: "self", summary: "WID-SEC-2023-2031 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2031", }, { category: "external", summary: "Xerox Security Bulletin vom 2023-08-09", url: "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-011_FFPSv7-S11_MediaInstall_Aug2023.pdf", }, { category: "external", summary: "Xerox Security Bulletin vom 2023-08-09", url: "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-012_FFPSv2_Win10_SecurityBulletin_Aug2023.pdf", }, { category: "external", summary: "XEROX Security Advisory XRX23-013 vom 2023-08-24", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2023/08/Xerox-Security-Bulletin-XRX23-013-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2331 vom 2023-11-02", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2331.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202408-17 vom 2024-08-09", url: "https://security.gentoo.org/glsa/202408-17", }, ], source_lang: "en-US", title: "Xerox FreeFlow Print Server: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-08T22:00:00.000+00:00", generator: { date: "2024-08-15T17:56:55.155+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2031", initial_release_date: "2023-08-09T22:00:00.000+00:00", revision_history: [ { date: "2023-08-09T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-08-24T22:00:00.000+00:00", number: "2", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2023-11-02T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-08-08T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Gentoo aufgenommen", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "v2", product: { name: "Xerox FreeFlow Print Server v2", product_id: "T014888", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v2", }, }, }, { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, { category: "product_version", name: "v7 for Solaris", product: { name: "Xerox FreeFlow Print Server v7 for Solaris", product_id: "T029230", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v7_for_solaris", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2004-0687", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2004-0687", }, { cve: "CVE-2020-23903", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2020-23903", }, { cve: "CVE-2020-23904", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2020-23904", }, { cve: "CVE-2021-33621", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-33621", }, { cve: "CVE-2021-33657", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-33657", }, { cve: "CVE-2021-3575", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-3575", }, { cve: "CVE-2021-3618", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-3618", }, { cve: "CVE-2021-43618", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-43618", }, { cve: "CVE-2022-2097", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-2097", }, { cve: "CVE-2022-21123", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21123", }, { cve: "CVE-2022-21125", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21125", }, { cve: "CVE-2022-21127", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21127", }, { cve: "CVE-2022-21166", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21166", }, { cve: "CVE-2022-21589", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21589", }, { cve: "CVE-2022-21592", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21592", }, { cve: "CVE-2022-21608", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21608", }, { cve: "CVE-2022-21617", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21617", }, { cve: "CVE-2022-28805", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-28805", }, { cve: "CVE-2022-30115", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-30115", }, { cve: "CVE-2022-31783", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-31783", }, { cve: "CVE-2022-33099", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-33099", }, { cve: "CVE-2022-3729", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-3729", }, { cve: "CVE-2022-37290", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-37290", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-39348", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-39348", }, { cve: "CVE-2022-40897", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-40897", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41717", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41717", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-41722", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41722", }, { cve: "CVE-2022-41723", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41723", }, { cve: "CVE-2022-41724", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41724", }, { cve: "CVE-2022-41725", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41725", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-44617", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-44617", }, { cve: "CVE-2022-44792", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-44792", }, { cve: "CVE-2022-44793", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-44793", }, { cve: "CVE-2022-46285", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-46285", }, { cve: "CVE-2022-46663", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-46663", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-4743", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-4743", }, { cve: "CVE-2022-48303", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-48303", }, { cve: "CVE-2022-4883", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-4883", }, { cve: "CVE-2022-4904", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-4904", }, { cve: "CVE-2023-0002", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0002", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2023-0494", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0494", }, { cve: "CVE-2023-0547", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0547", }, { cve: "CVE-2023-1161", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1161", }, { cve: "CVE-2023-1945", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1945", }, { cve: "CVE-2023-1992", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1992", }, { cve: "CVE-2023-1993", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1993", }, { cve: "CVE-2023-1994", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1994", }, { cve: "CVE-2023-1999", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1999", }, { cve: "CVE-2023-21526", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21526", }, { cve: "CVE-2023-21756", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21756", }, { cve: "CVE-2023-21911", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21911", }, { cve: "CVE-2023-21912", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21912", }, { cve: "CVE-2023-21919", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21919", }, { cve: "CVE-2023-21920", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21920", }, { cve: "CVE-2023-21929", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21929", }, { cve: "CVE-2023-21933", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21933", }, { cve: "CVE-2023-21935", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21935", }, { cve: "CVE-2023-21940", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21940", }, { cve: "CVE-2023-21945", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21945", }, { cve: "CVE-2023-21946", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21946", }, { cve: "CVE-2023-21947", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21947", }, { cve: "CVE-2023-21953", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21953", }, { cve: "CVE-2023-21955", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21955", }, { cve: "CVE-2023-21962", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21962", }, { cve: "CVE-2023-21966", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21966", }, { cve: "CVE-2023-21972", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21972", }, { cve: "CVE-2023-21976", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21976", }, { cve: "CVE-2023-21977", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21977", }, { cve: "CVE-2023-21980", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21980", }, { cve: "CVE-2023-21982", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21982", }, { cve: "CVE-2023-21995", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21995", }, { cve: "CVE-2023-22006", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22006", }, { cve: "CVE-2023-22023", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22023", }, { cve: "CVE-2023-22036", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22036", }, { cve: "CVE-2023-22041", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22041", }, { cve: "CVE-2023-22044", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22044", }, { cve: "CVE-2023-22045", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22045", }, { cve: "CVE-2023-22049", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22049", }, { cve: "CVE-2023-23931", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-23931", }, { cve: "CVE-2023-24021", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24021", }, { cve: "CVE-2023-24532", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24532", }, { cve: "CVE-2023-24534", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24534", }, { cve: "CVE-2023-24536", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24536", }, { cve: "CVE-2023-24537", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24537", }, { cve: "CVE-2023-24538", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24538", }, { cve: "CVE-2023-24539", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24539", }, { cve: "CVE-2023-24540", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24540", }, { cve: "CVE-2023-24932", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24932", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-25193", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25193", }, { cve: "CVE-2023-25652", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25652", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-25815", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25815", }, { cve: "CVE-2023-26767", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-26767", }, { cve: "CVE-2023-26768", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-26768", }, { cve: "CVE-2023-26769", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-26769", }, { cve: "CVE-2023-2731", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-2731", }, { cve: "CVE-2023-27320", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-27320", }, { cve: "CVE-2023-27522", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-27522", }, { cve: "CVE-2023-28005", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28005", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-28486", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28486", }, { cve: "CVE-2023-28487", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28487", }, { cve: "CVE-2023-28709", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28709", }, { cve: "CVE-2023-28755", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28755", }, { cve: "CVE-2023-28756", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28756", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-29400", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29400", }, { cve: "CVE-2023-29469", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29469", }, { cve: "CVE-2023-29479", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29479", }, { cve: "CVE-2023-29531", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29531", }, { cve: "CVE-2023-29532", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29532", }, { cve: "CVE-2023-29533", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29533", }, { cve: "CVE-2023-29535", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29535", }, { cve: "CVE-2023-29536", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29536", }, { cve: "CVE-2023-29539", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29539", }, { cve: "CVE-2023-29541", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29541", }, { cve: "CVE-2023-29542", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29542", }, { cve: "CVE-2023-29545", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29545", }, { cve: "CVE-2023-29548", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29548", }, { cve: "CVE-2023-29550", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29550", }, { cve: "CVE-2023-30086", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30086", }, { cve: "CVE-2023-30608", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30608", }, { cve: "CVE-2023-30774", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30774", }, { cve: "CVE-2023-30775", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30775", }, { cve: "CVE-2023-31047", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-31047", }, { cve: "CVE-2023-31284", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-31284", }, { cve: "CVE-2023-32034", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32034", }, { cve: "CVE-2023-32035", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32035", }, { cve: "CVE-2023-32038", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32038", }, { cve: "CVE-2023-32039", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32039", }, { cve: "CVE-2023-32040", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32040", }, { cve: "CVE-2023-32041", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32041", }, { cve: "CVE-2023-32042", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32042", }, { cve: "CVE-2023-32043", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32043", }, { cve: "CVE-2023-32044", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32044", }, { cve: "CVE-2023-32045", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32045", }, { cve: "CVE-2023-32046", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32046", }, { cve: "CVE-2023-32049", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32049", }, { cve: "CVE-2023-32053", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32053", }, { cve: "CVE-2023-32054", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32054", }, { cve: "CVE-2023-32055", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32055", }, { cve: "CVE-2023-32057", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32057", }, { cve: "CVE-2023-32085", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32085", }, { cve: "CVE-2023-32205", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32205", }, { cve: "CVE-2023-32206", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32206", }, { cve: "CVE-2023-32207", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32207", }, { cve: "CVE-2023-32208", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32208", }, { cve: "CVE-2023-32209", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32209", }, { cve: "CVE-2023-32210", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32210", }, { cve: "CVE-2023-32211", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32211", }, { cve: "CVE-2023-32212", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32212", }, { cve: "CVE-2023-32213", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32213", }, { cve: "CVE-2023-32214", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32214", }, { cve: "CVE-2023-32215", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32215", }, { cve: "CVE-2023-32216", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32216", }, { cve: "CVE-2023-32324", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32324", }, { cve: "CVE-2023-33134", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33134", }, { cve: "CVE-2023-33154", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33154", }, { cve: "CVE-2023-33157", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33157", }, { cve: "CVE-2023-33160", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33160", }, { cve: "CVE-2023-33164", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33164", }, { cve: "CVE-2023-33166", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33166", }, { cve: "CVE-2023-33167", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33167", }, { cve: "CVE-2023-33168", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33168", }, { cve: "CVE-2023-33169", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33169", }, { cve: "CVE-2023-33172", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33172", }, { cve: "CVE-2023-33173", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33173", }, { cve: "CVE-2023-33174", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33174", }, { cve: "CVE-2023-34414", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34414", }, { cve: "CVE-2023-34415", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34415", }, { cve: "CVE-2023-34416", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34416", }, { cve: "CVE-2023-34417", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34417", }, { cve: "CVE-2023-3482", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-3482", }, { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-35296", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35296", }, { cve: "CVE-2023-35297", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35297", }, { cve: "CVE-2023-35299", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35299", }, { cve: "CVE-2023-35300", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35300", }, { cve: "CVE-2023-35302", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35302", }, { cve: "CVE-2023-35303", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35303", }, { cve: "CVE-2023-35304", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35304", }, { cve: "CVE-2023-35305", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35305", }, { cve: "CVE-2023-35306", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35306", }, { cve: "CVE-2023-35308", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35308", }, { cve: "CVE-2023-35309", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35309", }, { cve: "CVE-2023-35311", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35311", }, { cve: "CVE-2023-35312", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35312", }, { cve: "CVE-2023-35313", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35313", }, { cve: "CVE-2023-35314", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35314", }, { cve: "CVE-2023-35315", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35315", }, { cve: "CVE-2023-35316", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35316", }, { cve: "CVE-2023-35318", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35318", }, { cve: "CVE-2023-35319", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35319", }, { cve: "CVE-2023-35320", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35320", }, { cve: "CVE-2023-35324", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35324", }, { cve: "CVE-2023-35325", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35325", }, { cve: "CVE-2023-35328", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35328", }, { cve: "CVE-2023-35329", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35329", }, { cve: "CVE-2023-35330", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35330", }, { cve: "CVE-2023-35332", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35332", }, { cve: "CVE-2023-35336", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35336", }, { cve: "CVE-2023-35338", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35338", }, { cve: "CVE-2023-35339", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35339", }, { cve: "CVE-2023-35340", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35340", }, { cve: "CVE-2023-35341", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35341", }, { cve: "CVE-2023-35342", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35342", }, { cve: "CVE-2023-35352", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35352", }, { cve: "CVE-2023-35353", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35353", }, { cve: "CVE-2023-35356", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35356", }, { cve: "CVE-2023-35357", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35357", }, { cve: "CVE-2023-35358", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35358", }, { cve: "CVE-2023-35360", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35360", }, { cve: "CVE-2023-35361", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35361", }, { cve: "CVE-2023-35362", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35362", }, { cve: "CVE-2023-35365", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35365", }, { cve: "CVE-2023-35366", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35366", }, { cve: "CVE-2023-35367", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35367", }, { cve: "CVE-2023-3600", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-3600", }, { cve: "CVE-2023-36871", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-36871", }, { cve: "CVE-2023-36874", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-36874", }, { cve: "CVE-2023-36884", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-36884", }, { cve: "CVE-2023-37201", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37201", }, { cve: "CVE-2023-37202", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37202", }, { cve: "CVE-2023-37203", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37203", }, { cve: "CVE-2023-37204", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37204", }, { cve: "CVE-2023-37205", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37205", }, { cve: "CVE-2023-37206", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37206", }, { cve: "CVE-2023-37207", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37207", }, { cve: "CVE-2023-37208", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37208", }, { cve: "CVE-2023-37209", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37209", }, { cve: "CVE-2023-37210", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37210", }, { cve: "CVE-2023-37211", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37211", }, { cve: "CVE-2023-37212", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37212", }, ], }
WID-SEC-W-2023-2229
Vulnerability from csaf_certbund
Published
2023-08-30 22:00
Modified
2024-08-12 22:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2229 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json", }, { category: "self", summary: "WID-SEC-2023-2229 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0801", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0802", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0803", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0804", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0805", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0806", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0807", }, { category: "external", summary: "Splunk Security Advisory vom 2023-08-30", url: "https://advisory.splunk.com//advisories/SVD-2023-0808", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28", url: "https://linux.oracle.com/errata/ELSA-2024-2988.html", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02", url: "https://advisory.splunk.com/advisories/SVD-2024-0718", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12", url: "https://advisory.splunk.com//advisories/SVD-2024-0801", }, ], source_lang: "en-US", title: "Splunk Splunk Enterprise: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-12T22:00:00.000+00:00", generator: { date: "2024-08-15T17:57:53.670+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2229", initial_release_date: "2023-08-30T22:00:00.000+00:00", revision_history: [ { date: "2023-08-30T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-01-23T23:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-07-01T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-08-12T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Splunk-SVD aufgenommen", }, ], status: "final", version: "5", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_name", name: "Splunk Splunk Enterprise", product: { name: "Splunk Splunk Enterprise", product_id: "T008911", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:-", }, }, }, { category: "product_version_range", name: "<9.1.1", product: { name: "Splunk Splunk Enterprise <9.1.1", product_id: "T029634", }, }, { category: "product_version_range", name: "<9.0.6", product: { name: "Splunk Splunk Enterprise <9.0.6", product_id: "T029635", }, }, { category: "product_version_range", name: "<8.2.12", product: { name: "Splunk Splunk Enterprise <8.2.12", product_id: "T029636", }, }, { category: "product_version_range", name: "<9.2.1", product: { name: "Splunk Splunk Enterprise <9.2.1", product_id: "T033705", }, }, { category: "product_version_range", name: "<9.1.4", product: { name: "Splunk Splunk Enterprise <9.1.4", product_id: "T033718", }, }, { category: "product_version_range", name: "<9.0.9", product: { name: "Splunk Splunk Enterprise <9.0.9", product_id: "T033720", }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, ], }, vulnerabilities: [ { cve: "CVE-2013-7489", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2013-7489", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-20225", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2018-20225", }, { cve: "CVE-2019-20454", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2019-20454", }, { cve: "CVE-2019-20838", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2019-20838", }, { cve: "CVE-2020-14155", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-14155", }, { cve: "CVE-2020-28469", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-28469", }, { cve: "CVE-2020-28851", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-28851", }, { cve: "CVE-2020-29652", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-29652", }, { cve: "CVE-2020-8169", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8169", }, { cve: "CVE-2020-8177", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8177", }, { cve: "CVE-2020-8231", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8231", }, { cve: "CVE-2020-8284", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8284", }, { cve: "CVE-2020-8285", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8285", }, { cve: "CVE-2020-8286", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8286", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2021-20066", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-20066", }, { cve: "CVE-2021-22569", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22569", }, { cve: "CVE-2021-22876", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22876", }, { cve: "CVE-2021-22890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22890", }, { cve: "CVE-2021-22897", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22897", }, { cve: "CVE-2021-22898", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22898", }, { cve: "CVE-2021-22901", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22901", }, { cve: "CVE-2021-22922", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22922", }, { cve: "CVE-2021-22923", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22923", }, { cve: "CVE-2021-22924", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22924", }, { cve: "CVE-2021-22925", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22925", }, { cve: "CVE-2021-22926", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22926", }, { cve: "CVE-2021-22945", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22945", }, { cve: "CVE-2021-22946", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22946", }, { cve: "CVE-2021-22947", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-22947", }, { cve: "CVE-2021-23343", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-23343", }, { cve: "CVE-2021-23382", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-23382", }, { cve: "CVE-2021-27918", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-27918", }, { cve: "CVE-2021-27919", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-27919", }, { cve: "CVE-2021-29060", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-29060", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-29923", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-29923", }, { cve: "CVE-2021-31525", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-31525", }, { cve: "CVE-2021-31566", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-31566", }, { cve: "CVE-2021-33194", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33194", }, { cve: "CVE-2021-33195", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33195", }, { cve: "CVE-2021-33196", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33196", }, { cve: "CVE-2021-33197", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33197", }, { cve: "CVE-2021-33198", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-33198", }, { cve: "CVE-2021-34558", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-34558", }, { cve: "CVE-2021-3520", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-3520", }, { cve: "CVE-2021-3572", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-3572", }, { cve: "CVE-2021-36221", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-36221", }, { cve: "CVE-2021-36976", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-36976", }, { cve: "CVE-2021-3803", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-3803", }, { cve: "CVE-2021-38297", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-38297", }, { cve: "CVE-2021-38561", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-38561", }, { cve: "CVE-2021-39293", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-39293", }, { cve: "CVE-2021-41182", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41182", }, { cve: "CVE-2021-41183", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41183", }, { cve: "CVE-2021-41184", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41184", }, { cve: "CVE-2021-41771", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41771", }, { cve: "CVE-2021-41772", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-41772", }, { cve: "CVE-2021-43565", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-43565", }, { cve: "CVE-2021-44716", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-44716", }, { cve: "CVE-2021-44717", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2021-44717", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1941", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-1941", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2022-2309", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-2309", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-24675", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-24675", }, { cve: "CVE-2022-24921", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-24921", }, { cve: "CVE-2022-24999", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-24999", }, { cve: "CVE-2022-25881", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-25881", }, { cve: "CVE-2022-27191", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27191", }, { cve: "CVE-2022-27536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27536", }, { cve: "CVE-2022-27664", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27664", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27778", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27778", }, { cve: "CVE-2022-27779", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27779", }, { cve: "CVE-2022-27780", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27780", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-2879", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-2879", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-29804", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-29804", }, { cve: "CVE-2022-30115", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30115", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30634", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30634", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-31129", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-32149", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32149", }, { cve: "CVE-2022-32189", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32189", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-33987", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-33987", }, { cve: "CVE-2022-3509", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3509", }, { cve: "CVE-2022-3510", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3510", }, { cve: "CVE-2022-3517", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-3517", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-37599", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-37599", }, { cve: "CVE-2022-37601", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-37601", }, { cve: "CVE-2022-37603", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-37603", }, { cve: "CVE-2022-38900", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-38900", }, { cve: "CVE-2022-40023", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-40023", }, { cve: "CVE-2022-40897", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-40897", }, { cve: "CVE-2022-40899", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-40899", }, { cve: "CVE-2022-41715", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41715", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-41722", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-41722", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-46175", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2022-46175", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-24539", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-24539", }, { cve: "CVE-2023-24540", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-24540", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27537", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27537", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-29400", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29400", }, { cve: "CVE-2023-29402", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29402", }, { cve: "CVE-2023-29403", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29403", }, { cve: "CVE-2023-29404", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29404", }, { cve: "CVE-2023-29405", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-29405", }, { cve: "CVE-2023-40592", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40592", }, { cve: "CVE-2023-40593", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40593", }, { cve: "CVE-2023-40594", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40594", }, { cve: "CVE-2023-40595", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40595", }, { cve: "CVE-2023-40596", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40596", }, { cve: "CVE-2023-40597", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40597", }, { cve: "CVE-2023-40598", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion 'printf', u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgemäßen Signaturvalidierung, einer unsachgemäßen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen und seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033720", "T002207", "T008911", "T033718", "T033705", "T004914", ], }, release_date: "2023-08-30T22:00:00.000+00:00", title: "CVE-2023-40598", }, ], }
WID-SEC-W-2023-0138
Vulnerability from csaf_certbund
Published
2023-01-17 23:00
Modified
2023-01-17 23:00
Summary
Oracle Communications Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0138 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0138.json", }, { category: "self", summary: "WID-SEC-2023-0138 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0138", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Communications Applications vom 2023-01-17", url: "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixCAGBU", }, ], source_lang: "en-US", title: "Oracle Communications Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-01-17T23:00:00.000+00:00", generator: { date: "2024-08-15T17:41:52.626+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0138", initial_release_date: "2023-01-17T23:00:00.000+00:00", revision_history: [ { date: "2023-01-17T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications Applications 6.3.1", product: { name: "Oracle Communications Applications 6.3.1", product_id: "T018935", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.3.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0", product: { name: "Oracle Communications Applications 7.4.0", product_id: "T018938", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1", product: { name: "Oracle Communications Applications 7.4.1", product_id: "T018939", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 7.4.2", product: { name: "Oracle Communications Applications <= 7.4.2", product_id: "T018940", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.6.0", product: { name: "Oracle Communications Applications 8.0.0.6.0", product_id: "T020662", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.5.0", product: { name: "Oracle Communications Applications 7.5.0", product_id: "T021639", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 10.0.1.6.0", product: { name: "Oracle Communications Applications 10.0.1.6.0", product_id: "T024967", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:10.0.1.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.7.0", product: { name: "Oracle Communications Applications <= 12.0.0.7.0", product_id: "T024968", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.9", product: { name: "Oracle Communications Applications <= 5.5.9", product_id: "T025857", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.9", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 6.0.1", product: { name: "Oracle Communications Applications <= 6.0.1", product_id: "T025858", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.0.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 3.0.3.1.0", product: { name: "Oracle Communications Applications 3.0.3.1.0", product_id: "T025859", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:3.0.3.1.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.7.0", product: { name: "Oracle Communications Applications 8.0.0.7.0", product_id: "T025860", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.1.0.20.0", product: { name: "Oracle Communications Applications 8.1.0.20.0", product_id: "T025861", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.1.0.20.0", }, }, }, ], category: "product_name", name: "Communications Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21848", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21848", }, { cve: "CVE-2023-21824", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21824", }, { cve: "CVE-2022-42889", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42889", }, { cve: "CVE-2022-42252", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42252", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-39271", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-39271", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-37454", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-37454", }, { cve: "CVE-2022-36055", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-36055", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-34917", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-34917", }, { cve: "CVE-2022-33980", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-33980", }, { cve: "CVE-2022-32212", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-32212", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-30126", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-30126", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-22978", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22978", }, { cve: "CVE-2022-22971", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22971", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2021-41411", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-41411", }, { cve: "CVE-2020-16156", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2020-16156", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2019-17571", }, ], }
wid-sec-w-2023-2031
Vulnerability from csaf_certbund
Published
2023-08-09 22:00
Modified
2024-08-08 22:00
Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2031 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2031.json", }, { category: "self", summary: "WID-SEC-2023-2031 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2031", }, { category: "external", summary: "Xerox Security Bulletin vom 2023-08-09", url: "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-011_FFPSv7-S11_MediaInstall_Aug2023.pdf", }, { category: "external", summary: "Xerox Security Bulletin vom 2023-08-09", url: "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-012_FFPSv2_Win10_SecurityBulletin_Aug2023.pdf", }, { category: "external", summary: "XEROX Security Advisory XRX23-013 vom 2023-08-24", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2023/08/Xerox-Security-Bulletin-XRX23-013-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2331 vom 2023-11-02", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2331.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202408-17 vom 2024-08-09", url: "https://security.gentoo.org/glsa/202408-17", }, ], source_lang: "en-US", title: "Xerox FreeFlow Print Server: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-08T22:00:00.000+00:00", generator: { date: "2024-08-15T17:56:55.155+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2031", initial_release_date: "2023-08-09T22:00:00.000+00:00", revision_history: [ { date: "2023-08-09T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-08-24T22:00:00.000+00:00", number: "2", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2023-11-02T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-08-08T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Gentoo aufgenommen", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "v2", product: { name: "Xerox FreeFlow Print Server v2", product_id: "T014888", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v2", }, }, }, { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, { category: "product_version", name: "v7 for Solaris", product: { name: "Xerox FreeFlow Print Server v7 for Solaris", product_id: "T029230", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v7_for_solaris", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2004-0687", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2004-0687", }, { cve: "CVE-2020-23903", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2020-23903", }, { cve: "CVE-2020-23904", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2020-23904", }, { cve: "CVE-2021-33621", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-33621", }, { cve: "CVE-2021-33657", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-33657", }, { cve: "CVE-2021-3575", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-3575", }, { cve: "CVE-2021-3618", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-3618", }, { cve: "CVE-2021-43618", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2021-43618", }, { cve: "CVE-2022-2097", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-2097", }, { cve: "CVE-2022-21123", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21123", }, { cve: "CVE-2022-21125", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21125", }, { cve: "CVE-2022-21127", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21127", }, { cve: "CVE-2022-21166", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21166", }, { cve: "CVE-2022-21589", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21589", }, { cve: "CVE-2022-21592", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21592", }, { cve: "CVE-2022-21608", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21608", }, { cve: "CVE-2022-21617", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-21617", }, { cve: "CVE-2022-28805", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-28805", }, { cve: "CVE-2022-30115", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-30115", }, { cve: "CVE-2022-31783", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-31783", }, { cve: "CVE-2022-33099", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-33099", }, { cve: "CVE-2022-3729", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-3729", }, { cve: "CVE-2022-37290", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-37290", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-39348", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-39348", }, { cve: "CVE-2022-40897", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-40897", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41717", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41717", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-41722", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41722", }, { cve: "CVE-2022-41723", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41723", }, { cve: "CVE-2022-41724", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41724", }, { cve: "CVE-2022-41725", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-41725", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-44617", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-44617", }, { cve: "CVE-2022-44792", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-44792", }, { cve: "CVE-2022-44793", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-44793", }, { cve: "CVE-2022-46285", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-46285", }, { cve: "CVE-2022-46663", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-46663", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-4743", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-4743", }, { cve: "CVE-2022-48303", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-48303", }, { cve: "CVE-2022-4883", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-4883", }, { cve: "CVE-2022-4904", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2022-4904", }, { cve: "CVE-2023-0002", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0002", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2023-0494", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0494", }, { cve: "CVE-2023-0547", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-0547", }, { cve: "CVE-2023-1161", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1161", }, { cve: "CVE-2023-1945", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1945", }, { cve: "CVE-2023-1992", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1992", }, { cve: "CVE-2023-1993", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1993", }, { cve: "CVE-2023-1994", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1994", }, { cve: "CVE-2023-1999", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-1999", }, { cve: "CVE-2023-21526", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21526", }, { cve: "CVE-2023-21756", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21756", }, { cve: "CVE-2023-21911", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21911", }, { cve: "CVE-2023-21912", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21912", }, { cve: "CVE-2023-21919", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21919", }, { cve: "CVE-2023-21920", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21920", }, { cve: "CVE-2023-21929", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21929", }, { cve: "CVE-2023-21933", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21933", }, { cve: "CVE-2023-21935", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21935", }, { cve: "CVE-2023-21940", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21940", }, { cve: "CVE-2023-21945", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21945", }, { cve: "CVE-2023-21946", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21946", }, { cve: "CVE-2023-21947", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21947", }, { cve: "CVE-2023-21953", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21953", }, { cve: "CVE-2023-21955", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21955", }, { cve: "CVE-2023-21962", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21962", }, { cve: "CVE-2023-21966", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21966", }, { cve: "CVE-2023-21972", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21972", }, { cve: "CVE-2023-21976", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21976", }, { cve: "CVE-2023-21977", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21977", }, { cve: "CVE-2023-21980", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21980", }, { cve: "CVE-2023-21982", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21982", }, { cve: "CVE-2023-21995", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-21995", }, { cve: "CVE-2023-22006", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22006", }, { cve: "CVE-2023-22023", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22023", }, { cve: "CVE-2023-22036", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22036", }, { cve: "CVE-2023-22041", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22041", }, { cve: "CVE-2023-22044", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22044", }, { cve: "CVE-2023-22045", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22045", }, { cve: "CVE-2023-22049", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-22049", }, { cve: "CVE-2023-23931", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-23931", }, { cve: "CVE-2023-24021", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24021", }, { cve: "CVE-2023-24532", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24532", }, { cve: "CVE-2023-24534", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24534", }, { cve: "CVE-2023-24536", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24536", }, { cve: "CVE-2023-24537", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24537", }, { cve: "CVE-2023-24538", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24538", }, { cve: "CVE-2023-24539", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24539", }, { cve: "CVE-2023-24540", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24540", }, { cve: "CVE-2023-24932", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24932", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-25193", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25193", }, { cve: "CVE-2023-25652", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25652", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-25815", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-25815", }, { cve: "CVE-2023-26767", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-26767", }, { cve: "CVE-2023-26768", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-26768", }, { cve: "CVE-2023-26769", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-26769", }, { cve: "CVE-2023-2731", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-2731", }, { cve: "CVE-2023-27320", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-27320", }, { cve: "CVE-2023-27522", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-27522", }, { cve: "CVE-2023-28005", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28005", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-28486", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28486", }, { cve: "CVE-2023-28487", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28487", }, { cve: "CVE-2023-28709", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28709", }, { cve: "CVE-2023-28755", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28755", }, { cve: "CVE-2023-28756", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-28756", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-29400", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29400", }, { cve: "CVE-2023-29469", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29469", }, { cve: "CVE-2023-29479", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29479", }, { cve: "CVE-2023-29531", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29531", }, { cve: "CVE-2023-29532", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29532", }, { cve: "CVE-2023-29533", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29533", }, { cve: "CVE-2023-29535", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29535", }, { cve: "CVE-2023-29536", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29536", }, { cve: "CVE-2023-29539", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29539", }, { cve: "CVE-2023-29541", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29541", }, { cve: "CVE-2023-29542", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29542", }, { cve: "CVE-2023-29545", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29545", }, { cve: "CVE-2023-29548", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29548", }, { cve: "CVE-2023-29550", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-29550", }, { cve: "CVE-2023-30086", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30086", }, { cve: "CVE-2023-30608", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30608", }, { cve: "CVE-2023-30774", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30774", }, { cve: "CVE-2023-30775", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-30775", }, { cve: "CVE-2023-31047", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-31047", }, { cve: "CVE-2023-31284", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-31284", }, { cve: "CVE-2023-32034", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32034", }, { cve: "CVE-2023-32035", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32035", }, { cve: "CVE-2023-32038", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32038", }, { cve: "CVE-2023-32039", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32039", }, { cve: "CVE-2023-32040", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32040", }, { cve: "CVE-2023-32041", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32041", }, { cve: "CVE-2023-32042", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32042", }, { cve: "CVE-2023-32043", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32043", }, { cve: "CVE-2023-32044", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32044", }, { cve: "CVE-2023-32045", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32045", }, { cve: "CVE-2023-32046", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32046", }, { cve: "CVE-2023-32049", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32049", }, { cve: "CVE-2023-32053", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32053", }, { cve: "CVE-2023-32054", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32054", }, { cve: "CVE-2023-32055", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32055", }, { cve: "CVE-2023-32057", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32057", }, { cve: "CVE-2023-32085", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32085", }, { cve: "CVE-2023-32205", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32205", }, { cve: "CVE-2023-32206", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32206", }, { cve: "CVE-2023-32207", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32207", }, { cve: "CVE-2023-32208", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32208", }, { cve: "CVE-2023-32209", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32209", }, { cve: "CVE-2023-32210", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32210", }, { cve: "CVE-2023-32211", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32211", }, { cve: "CVE-2023-32212", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32212", }, { cve: "CVE-2023-32213", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32213", }, { cve: "CVE-2023-32214", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32214", }, { cve: "CVE-2023-32215", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32215", }, { cve: "CVE-2023-32216", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32216", }, { cve: "CVE-2023-32324", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-32324", }, { cve: "CVE-2023-33134", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33134", }, { cve: "CVE-2023-33154", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33154", }, { cve: "CVE-2023-33157", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33157", }, { cve: "CVE-2023-33160", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33160", }, { cve: "CVE-2023-33164", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33164", }, { cve: "CVE-2023-33166", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33166", }, { cve: "CVE-2023-33167", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33167", }, { cve: "CVE-2023-33168", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33168", }, { cve: "CVE-2023-33169", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33169", }, { cve: "CVE-2023-33172", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33172", }, { cve: "CVE-2023-33173", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33173", }, { cve: "CVE-2023-33174", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-33174", }, { cve: "CVE-2023-34414", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34414", }, { cve: "CVE-2023-34415", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34415", }, { cve: "CVE-2023-34416", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34416", }, { cve: "CVE-2023-34417", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34417", }, { cve: "CVE-2023-3482", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-3482", }, { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-35296", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35296", }, { cve: "CVE-2023-35297", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35297", }, { cve: "CVE-2023-35299", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35299", }, { cve: "CVE-2023-35300", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35300", }, { cve: "CVE-2023-35302", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35302", }, { cve: "CVE-2023-35303", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35303", }, { cve: "CVE-2023-35304", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35304", }, { cve: "CVE-2023-35305", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35305", }, { cve: "CVE-2023-35306", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35306", }, { cve: "CVE-2023-35308", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35308", }, { cve: "CVE-2023-35309", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35309", }, { cve: "CVE-2023-35311", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35311", }, { cve: "CVE-2023-35312", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35312", }, { cve: "CVE-2023-35313", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35313", }, { cve: "CVE-2023-35314", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35314", }, { cve: "CVE-2023-35315", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35315", }, { cve: "CVE-2023-35316", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35316", }, { cve: "CVE-2023-35318", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35318", }, { cve: "CVE-2023-35319", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35319", }, { cve: "CVE-2023-35320", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35320", }, { cve: "CVE-2023-35324", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35324", }, { cve: "CVE-2023-35325", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35325", }, { cve: "CVE-2023-35328", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35328", }, { cve: "CVE-2023-35329", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35329", }, { cve: "CVE-2023-35330", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35330", }, { cve: "CVE-2023-35332", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35332", }, { cve: "CVE-2023-35336", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35336", }, { cve: "CVE-2023-35338", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35338", }, { cve: "CVE-2023-35339", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35339", }, { cve: "CVE-2023-35340", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35340", }, { cve: "CVE-2023-35341", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35341", }, { cve: "CVE-2023-35342", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35342", }, { cve: "CVE-2023-35352", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35352", }, { cve: "CVE-2023-35353", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35353", }, { cve: "CVE-2023-35356", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35356", }, { cve: "CVE-2023-35357", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35357", }, { cve: "CVE-2023-35358", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35358", }, { cve: "CVE-2023-35360", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35360", }, { cve: "CVE-2023-35361", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35361", }, { cve: "CVE-2023-35362", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35362", }, { cve: "CVE-2023-35365", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35365", }, { cve: "CVE-2023-35366", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35366", }, { cve: "CVE-2023-35367", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-35367", }, { cve: "CVE-2023-3600", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-3600", }, { cve: "CVE-2023-36871", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-36871", }, { cve: "CVE-2023-36874", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-36874", }, { cve: "CVE-2023-36884", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-36884", }, { cve: "CVE-2023-37201", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37201", }, { cve: "CVE-2023-37202", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37202", }, { cve: "CVE-2023-37203", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37203", }, { cve: "CVE-2023-37204", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37204", }, { cve: "CVE-2023-37205", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37205", }, { cve: "CVE-2023-37206", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37206", }, { cve: "CVE-2023-37207", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37207", }, { cve: "CVE-2023-37208", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37208", }, { cve: "CVE-2023-37209", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37209", }, { cve: "CVE-2023-37210", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37210", }, { cve: "CVE-2023-37211", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37211", }, { cve: "CVE-2023-37212", notes: [ { category: "description", text: "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T029230", "T014888", "398363", "T015632", "T012167", ], }, release_date: "2023-08-09T22:00:00.000+00:00", title: "CVE-2023-37212", }, ], }
WID-SEC-W-2023-1350
Vulnerability from csaf_certbund
Published
2023-06-01 22:00
Modified
2024-02-15 23:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1350 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json", }, { category: "self", summary: "WID-SEC-2023-1350 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350", }, { category: "external", summary: "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01", url: "https://advisory.splunk.com/advisories/SVD-2023-0613", }, { category: "external", summary: "IBM Security Bulletin 7008449 vom 2023-06-29", url: "https://www.ibm.com/support/pages/node/7008449", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html", }, ], source_lang: "en-US", title: "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern", tracking: { current_release_date: "2024-02-15T23:00:00.000+00:00", generator: { date: "2024-08-15T17:51:43.161+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1350", initial_release_date: "2023-06-01T22:00:00.000+00:00", revision_history: [ { date: "2023-06-01T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-06-29T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-23T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-02-15T23:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM DB2", product: { name: "IBM DB2", product_id: "5104", product_identification_helper: { cpe: "cpe:/a:ibm:db2:-", }, }, }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_version_range", name: "< 8.1.14", product: { name: "Splunk Splunk Enterprise < 8.1.14", product_id: "T027935", }, }, { category: "product_version_range", name: "< 8.2.11", product: { name: "Splunk Splunk Enterprise < 8.2.11", product_id: "T027936", }, }, { category: "product_version_range", name: "< 9.0.5", product: { name: "Splunk Splunk Enterprise < 9.0.5", product_id: "T027937", }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, ], }, vulnerabilities: [ { cve: "CVE-2023-27538", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27537", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27537", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2022-46175", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-46175", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-4200", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-4200", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41715", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-41715", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-40023", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-40023", }, { cve: "CVE-2022-38900", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-38900", }, { cve: "CVE-2022-37616", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37616", }, { cve: "CVE-2022-37603", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37603", }, { cve: "CVE-2022-37601", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37601", }, { cve: "CVE-2022-37599", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37599", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-3517", }, { cve: "CVE-2022-33987", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-33987", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-32189", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32189", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-31129", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-30634", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30634", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-30115", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-30115", }, { cve: "CVE-2022-29804", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-29804", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-2879", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-2879", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27780", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27780", }, { cve: "CVE-2022-27779", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27779", }, { cve: "CVE-2022-27778", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27778", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-27664", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27664", }, { cve: "CVE-2022-27191", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-27191", }, { cve: "CVE-2022-25858", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-25858", }, { cve: "CVE-2022-24999", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-24999", }, { cve: "CVE-2022-24921", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-24921", }, { cve: "CVE-2022-24675", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-24675", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2021-43565", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-43565", }, { cve: "CVE-2021-3803", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-3803", }, { cve: "CVE-2021-36976", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-36976", }, { cve: "CVE-2021-3520", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-3520", }, { cve: "CVE-2021-33587", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-33587", }, { cve: "CVE-2021-33503", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-33503", }, { cve: "CVE-2021-33502", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-33502", }, { cve: "CVE-2021-31566", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-31566", }, { cve: "CVE-2021-29060", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-29060", }, { cve: "CVE-2021-27292", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-27292", }, { cve: "CVE-2021-23382", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-23382", }, { cve: "CVE-2021-23368", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-23368", }, { cve: "CVE-2021-23343", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-23343", }, { cve: "CVE-2021-22947", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22947", }, { cve: "CVE-2021-22946", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22946", }, { cve: "CVE-2021-22945", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22945", }, { cve: "CVE-2021-22926", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22926", }, { cve: "CVE-2021-22925", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22925", }, { cve: "CVE-2021-22924", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22924", }, { cve: "CVE-2021-22923", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22923", }, { cve: "CVE-2021-22922", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22922", }, { cve: "CVE-2021-22901", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22901", }, { cve: "CVE-2021-22898", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22898", }, { cve: "CVE-2021-22897", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22897", }, { cve: "CVE-2021-22890", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22890", }, { cve: "CVE-2021-22876", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-22876", }, { cve: "CVE-2021-20095", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2021-20095", }, { cve: "CVE-2020-8286", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8286", }, { cve: "CVE-2020-8285", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8285", }, { cve: "CVE-2020-8284", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8284", }, { cve: "CVE-2020-8231", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8231", }, { cve: "CVE-2020-8203", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8203", }, { cve: "CVE-2020-8177", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8177", }, { cve: "CVE-2020-8169", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8169", }, { cve: "CVE-2020-8116", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-8116", }, { cve: "CVE-2020-7774", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-7774", }, { cve: "CVE-2020-7753", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-7753", }, { cve: "CVE-2020-7662", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-7662", }, { cve: "CVE-2020-28469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-28469", }, { cve: "CVE-2020-15138", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-15138", }, { cve: "CVE-2020-13822", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2020-13822", }, { cve: "CVE-2019-20149", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2019-20149", }, { cve: "CVE-2019-10746", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2019-10746", }, { cve: "CVE-2019-10744", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2019-10744", }, { cve: "CVE-2018-25032", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2018-25032", }, { cve: "CVE-2017-16042", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T002207", "5104", ], }, release_date: "2023-06-01T22:00:00.000+00:00", title: "CVE-2017-16042", }, ], }
wid-sec-w-2023-0138
Vulnerability from csaf_certbund
Published
2023-01-17 23:00
Modified
2023-01-17 23:00
Summary
Oracle Communications Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0138 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0138.json", }, { category: "self", summary: "WID-SEC-2023-0138 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0138", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Communications Applications vom 2023-01-17", url: "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixCAGBU", }, ], source_lang: "en-US", title: "Oracle Communications Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-01-17T23:00:00.000+00:00", generator: { date: "2024-08-15T17:41:52.626+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0138", initial_release_date: "2023-01-17T23:00:00.000+00:00", revision_history: [ { date: "2023-01-17T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications Applications 6.3.1", product: { name: "Oracle Communications Applications 6.3.1", product_id: "T018935", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.3.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0", product: { name: "Oracle Communications Applications 7.4.0", product_id: "T018938", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1", product: { name: "Oracle Communications Applications 7.4.1", product_id: "T018939", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 7.4.2", product: { name: "Oracle Communications Applications <= 7.4.2", product_id: "T018940", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.6.0", product: { name: "Oracle Communications Applications 8.0.0.6.0", product_id: "T020662", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.5.0", product: { name: "Oracle Communications Applications 7.5.0", product_id: "T021639", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 10.0.1.6.0", product: { name: "Oracle Communications Applications 10.0.1.6.0", product_id: "T024967", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:10.0.1.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.7.0", product: { name: "Oracle Communications Applications <= 12.0.0.7.0", product_id: "T024968", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.9", product: { name: "Oracle Communications Applications <= 5.5.9", product_id: "T025857", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.9", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 6.0.1", product: { name: "Oracle Communications Applications <= 6.0.1", product_id: "T025858", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.0.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 3.0.3.1.0", product: { name: "Oracle Communications Applications 3.0.3.1.0", product_id: "T025859", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:3.0.3.1.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.7.0", product: { name: "Oracle Communications Applications 8.0.0.7.0", product_id: "T025860", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.1.0.20.0", product: { name: "Oracle Communications Applications 8.1.0.20.0", product_id: "T025861", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.1.0.20.0", }, }, }, ], category: "product_name", name: "Communications Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21848", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21848", }, { cve: "CVE-2023-21824", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21824", }, { cve: "CVE-2022-42889", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42889", }, { cve: "CVE-2022-42252", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42252", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-39271", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-39271", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-37454", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-37454", }, { cve: "CVE-2022-36055", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-36055", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-34917", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-34917", }, { cve: "CVE-2022-33980", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-33980", }, { cve: "CVE-2022-32212", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-32212", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-30126", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-30126", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-22978", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22978", }, { cve: "CVE-2022-22971", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22971", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2021-41411", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-41411", }, { cve: "CVE-2020-16156", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2020-16156", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2019-17571", }, ], }
opensuse-su-2024:12553-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go1.19-1.19.4-1.1 on GA media
Notes
Title of the patch
go1.19-1.19.4-1.1 on GA media
Description of the patch
These are all security issues fixed in the go1.19-1.19.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12553
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "go1.19-1.19.4-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the go1.19-1.19.4-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-12553", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12553-1.json", }, { category: "self", summary: "SUSE CVE CVE-2022-41717 page", url: "https://www.suse.com/security/cve/CVE-2022-41717/", }, { category: "self", summary: "SUSE CVE CVE-2022-41720 page", url: "https://www.suse.com/security/cve/CVE-2022-41720/", }, ], title: "go1.19-1.19.4-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:12553-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.19-1.19.4-1.1.aarch64", product: { name: "go1.19-1.19.4-1.1.aarch64", product_id: "go1.19-1.19.4-1.1.aarch64", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-1.1.aarch64", product: { name: "go1.19-doc-1.19.4-1.1.aarch64", product_id: "go1.19-doc-1.19.4-1.1.aarch64", }, }, { category: "product_version", name: "go1.19-race-1.19.4-1.1.aarch64", product: { name: "go1.19-race-1.19.4-1.1.aarch64", product_id: "go1.19-race-1.19.4-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.19-1.19.4-1.1.ppc64le", product: { name: "go1.19-1.19.4-1.1.ppc64le", product_id: "go1.19-1.19.4-1.1.ppc64le", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-1.1.ppc64le", product: { name: "go1.19-doc-1.19.4-1.1.ppc64le", product_id: "go1.19-doc-1.19.4-1.1.ppc64le", }, }, { category: "product_version", name: "go1.19-race-1.19.4-1.1.ppc64le", product: { name: "go1.19-race-1.19.4-1.1.ppc64le", product_id: "go1.19-race-1.19.4-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.19-1.19.4-1.1.s390x", product: { name: "go1.19-1.19.4-1.1.s390x", product_id: "go1.19-1.19.4-1.1.s390x", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-1.1.s390x", product: { name: "go1.19-doc-1.19.4-1.1.s390x", product_id: "go1.19-doc-1.19.4-1.1.s390x", }, }, { category: "product_version", name: "go1.19-race-1.19.4-1.1.s390x", product: { name: "go1.19-race-1.19.4-1.1.s390x", product_id: "go1.19-race-1.19.4-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.19-1.19.4-1.1.x86_64", product: { name: "go1.19-1.19.4-1.1.x86_64", product_id: "go1.19-1.19.4-1.1.x86_64", }, }, { category: "product_version", name: "go1.19-doc-1.19.4-1.1.x86_64", product: { name: "go1.19-doc-1.19.4-1.1.x86_64", product_id: "go1.19-doc-1.19.4-1.1.x86_64", }, }, { category: "product_version", name: "go1.19-race-1.19.4-1.1.x86_64", product: { name: "go1.19-race-1.19.4-1.1.x86_64", product_id: "go1.19-race-1.19.4-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-1.19.4-1.1.aarch64", }, product_reference: "go1.19-1.19.4-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-1.19.4-1.1.ppc64le", }, product_reference: "go1.19-1.19.4-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-1.19.4-1.1.s390x", }, product_reference: "go1.19-1.19.4-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-1.19.4-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-1.19.4-1.1.x86_64", }, product_reference: "go1.19-1.19.4-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.aarch64", }, product_reference: "go1.19-doc-1.19.4-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.ppc64le", }, product_reference: "go1.19-doc-1.19.4-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.s390x", }, product_reference: "go1.19-doc-1.19.4-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-doc-1.19.4-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.x86_64", }, product_reference: "go1.19-doc-1.19.4-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.aarch64", }, product_reference: "go1.19-race-1.19.4-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.ppc64le", }, product_reference: "go1.19-race-1.19.4-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.s390x", }, product_reference: "go1.19-race-1.19.4-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.19-race-1.19.4-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.x86_64", }, product_reference: "go1.19-race-1.19.4-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41717", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41717", }, ], notes: [ { category: "general", text: "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:go1.19-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41717", url: "https://www.suse.com/security/cve/CVE-2022-41717", }, { category: "external", summary: "SUSE Bug 1206135 for CVE-2022-41717", url: "https://bugzilla.suse.com/1206135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:go1.19-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:go1.19-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-41717", }, { cve: "CVE-2022-41720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41720", }, ], notes: [ { category: "general", text: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:go1.19-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41720", url: "https://www.suse.com/security/cve/CVE-2022-41720", }, { category: "external", summary: "SUSE Bug 1206134 for CVE-2022-41720", url: "https://bugzilla.suse.com/1206134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:go1.19-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:go1.19-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-doc-1.19.4-1.1.x86_64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.aarch64", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.ppc64le", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.s390x", "openSUSE Tumbleweed:go1.19-race-1.19.4-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-41720", }, ], }
opensuse-su-2024:12552-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go1.18-1.18.9-1.1 on GA media
Notes
Title of the patch
go1.18-1.18.9-1.1 on GA media
Description of the patch
These are all security issues fixed in the go1.18-1.18.9-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12552
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "go1.18-1.18.9-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the go1.18-1.18.9-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-12552", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12552-1.json", }, { category: "self", summary: "SUSE CVE CVE-2022-41717 page", url: "https://www.suse.com/security/cve/CVE-2022-41717/", }, { category: "self", summary: "SUSE CVE CVE-2022-41720 page", url: "https://www.suse.com/security/cve/CVE-2022-41720/", }, ], title: "go1.18-1.18.9-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:12552-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.18-1.18.9-1.1.aarch64", product: { name: "go1.18-1.18.9-1.1.aarch64", product_id: "go1.18-1.18.9-1.1.aarch64", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-1.1.aarch64", product: { name: "go1.18-doc-1.18.9-1.1.aarch64", product_id: "go1.18-doc-1.18.9-1.1.aarch64", }, }, { category: "product_version", name: "go1.18-race-1.18.9-1.1.aarch64", product: { name: "go1.18-race-1.18.9-1.1.aarch64", product_id: "go1.18-race-1.18.9-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.18-1.18.9-1.1.ppc64le", product: { name: "go1.18-1.18.9-1.1.ppc64le", product_id: "go1.18-1.18.9-1.1.ppc64le", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-1.1.ppc64le", product: { name: "go1.18-doc-1.18.9-1.1.ppc64le", product_id: "go1.18-doc-1.18.9-1.1.ppc64le", }, }, { category: "product_version", name: "go1.18-race-1.18.9-1.1.ppc64le", product: { name: "go1.18-race-1.18.9-1.1.ppc64le", product_id: "go1.18-race-1.18.9-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.18-1.18.9-1.1.s390x", product: { name: "go1.18-1.18.9-1.1.s390x", product_id: "go1.18-1.18.9-1.1.s390x", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-1.1.s390x", product: { name: "go1.18-doc-1.18.9-1.1.s390x", product_id: "go1.18-doc-1.18.9-1.1.s390x", }, }, { category: "product_version", name: "go1.18-race-1.18.9-1.1.s390x", product: { name: "go1.18-race-1.18.9-1.1.s390x", product_id: "go1.18-race-1.18.9-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.18-1.18.9-1.1.x86_64", product: { name: "go1.18-1.18.9-1.1.x86_64", product_id: "go1.18-1.18.9-1.1.x86_64", }, }, { category: "product_version", name: "go1.18-doc-1.18.9-1.1.x86_64", product: { name: "go1.18-doc-1.18.9-1.1.x86_64", product_id: "go1.18-doc-1.18.9-1.1.x86_64", }, }, { category: "product_version", name: "go1.18-race-1.18.9-1.1.x86_64", product: { name: "go1.18-race-1.18.9-1.1.x86_64", product_id: "go1.18-race-1.18.9-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-1.18.9-1.1.aarch64", }, product_reference: "go1.18-1.18.9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-1.18.9-1.1.ppc64le", }, product_reference: "go1.18-1.18.9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-1.18.9-1.1.s390x", }, product_reference: "go1.18-1.18.9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-1.18.9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-1.18.9-1.1.x86_64", }, product_reference: "go1.18-1.18.9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.aarch64", }, product_reference: "go1.18-doc-1.18.9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.ppc64le", }, product_reference: "go1.18-doc-1.18.9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.s390x", }, product_reference: "go1.18-doc-1.18.9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-doc-1.18.9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.x86_64", }, product_reference: "go1.18-doc-1.18.9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.aarch64", }, product_reference: "go1.18-race-1.18.9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.ppc64le", }, product_reference: "go1.18-race-1.18.9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.s390x", }, product_reference: "go1.18-race-1.18.9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.18-race-1.18.9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.x86_64", }, product_reference: "go1.18-race-1.18.9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41717", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41717", }, ], notes: [ { category: "general", text: "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:go1.18-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41717", url: "https://www.suse.com/security/cve/CVE-2022-41717", }, { category: "external", summary: "SUSE Bug 1206135 for CVE-2022-41717", url: "https://bugzilla.suse.com/1206135", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:go1.18-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:go1.18-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-41717", }, { cve: "CVE-2022-41720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41720", }, ], notes: [ { category: "general", text: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:go1.18-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41720", url: "https://www.suse.com/security/cve/CVE-2022-41720", }, { category: "external", summary: "SUSE Bug 1206134 for CVE-2022-41720", url: "https://bugzilla.suse.com/1206134", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:go1.18-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:go1.18-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-doc-1.18.9-1.1.x86_64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.aarch64", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.s390x", "openSUSE Tumbleweed:go1.18-race-1.18.9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-41720", }, ], }
fkie_cve-2022-41720
Vulnerability from fkie_nvd
Published
2022-12-07 17:15
Modified
2024-11-21 07:23
Severity ?
Summary
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@golang.org | https://go.dev/cl/455716 | Patch, Vendor Advisory | |
| security@golang.org | https://go.dev/issue/56694 | Issue Tracking, Vendor Advisory | |
| security@golang.org | https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ | Patch, Release Notes, Third Party Advisory | |
| security@golang.org | https://pkg.go.dev/vuln/GO-2022-1143 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://go.dev/cl/455716 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://go.dev/issue/56694 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pkg.go.dev/vuln/GO-2022-1143 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "E0CD51B1-029E-442F-BE6A-772F4754D240", versionEndExcluding: "1.18.9", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "B6AEBFD1-DEE2-40E0-B65C-8C7885014797", versionEndExcluding: "1.19.4", versionStartIncluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", }, { lang: "es", value: "En Windows, se puede acceder a archivos restringidos a través de os.DirFS y http.Dir. La función os.DirFS y el tipo http.Dir brindan acceso a un árbol de archivos ubicados en un directorio determinado. Estas funciones permiten el acceso a archivos de dispositivos Windows bajo esa raíz. Por ejemplo, os.DirFS(\"C:/tmp\").Open(\"COM1\") abre el dispositivo COM1. Tanto os.DirFS como http.Dir solo brindan acceso al sistema de archivos de solo lectura. Además, en Windows, un os.DirFS para el directorio (la raíz de la unidad actual) puede permitir que una ruta creada con fines malintencionados escape de la unidad y acceda a cualquier ruta del sistema. Con la corrección aplicada, el comportamiento de os.DirFS(\"\") ha cambiado. Anteriormente, una raíz vacía se trataba de manera equivalente a \"/\", por lo que os.DirFS(\"\").Open(\"tmp\") abriría la ruta \"/tmp\". Esto ahora devuelve un error.", }, ], id: "CVE-2022-41720", lastModified: "2024-11-21T07:23:44.050", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-07T17:15:10.293", references: [ { source: "security@golang.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://go.dev/cl/455716", }, { source: "security@golang.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://go.dev/issue/56694", }, { source: "security@golang.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { source: "security@golang.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://pkg.go.dev/vuln/GO-2022-1143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://go.dev/cl/455716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://go.dev/issue/56694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://pkg.go.dev/vuln/GO-2022-1143", }, ], sourceIdentifier: "security@golang.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-cvf9-g74c-vv79
Vulnerability from github
Published
2022-12-07 18:30
Modified
2022-12-12 15:30
Severity ?
Details
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
{ affected: [], aliases: [ "CVE-2022-41720", ], database_specific: { cwe_ids: [ "CWE-22", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2022-12-07T17:15:00Z", severity: "HIGH", }, details: "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", id: "GHSA-cvf9-g74c-vv79", modified: "2022-12-12T15:30:32Z", published: "2022-12-07T18:30:26Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41720", }, { type: "WEB", url: "https://go.dev/cl/455716", }, { type: "WEB", url: "https://go.dev/issue/56694", }, { type: "WEB", url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { type: "WEB", url: "https://pkg.go.dev/vuln/GO-2022-1143", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.