rpm package
opensuse/python-websocket-client&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/python-websocket-client&distro=openSUSE%20Leap%2015.6
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21226 | — | < 1.9.0-150400.13.10.1 | 1.9.0-150400.13.10.1 | Jan 13, 2026 | Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. | ||
| CVE-2025-24049 | — | < 1.9.0-150400.13.10.1 | 1.9.0-150400.13.10.1 | Mar 11, 2025 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2024-35255 | — | < 1.9.0-150400.13.10.1 | 1.9.0-150400.13.10.1 | Jun 11, 2024 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||
| CVE-2023-28859 | — | < 1.5.1-150400.13.7.1 | 1.5.1-150400.13.7.1 | Mar 26, 2023 | redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio | ||
| CVE-2023-28858 | — | < 1.5.1-150400.13.7.1 | 1.5.1-150400.13.7.1 | Mar 26, 2023 | redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT |
- CVE-2026-21226Jan 13, 2026affected < 1.9.0-150400.13.10.1fixed 1.9.0-150400.13.10.1
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
- CVE-2025-24049Mar 11, 2025affected < 1.9.0-150400.13.10.1fixed 1.9.0-150400.13.10.1
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.
- CVE-2024-35255Jun 11, 2024affected < 1.9.0-150400.13.10.1fixed 1.9.0-150400.13.10.1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
- CVE-2023-28859Mar 26, 2023affected < 1.5.1-150400.13.7.1fixed 1.5.1-150400.13.7.1
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio
- CVE-2023-28858Mar 26, 2023affected < 1.5.1-150400.13.7.1fixed 1.5.1-150400.13.7.1
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT