rpm package
suse/azure-cli-core&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP4
pkg:rpm/suse/azure-cli-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21226 | — | < 2.82.0-150400.14.14.1 | 2.82.0-150400.14.14.1 | Jan 13, 2026 | Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. | ||
| CVE-2025-24049 | — | < 2.82.0-150400.14.14.1 | 2.82.0-150400.14.14.1 | Mar 11, 2025 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2024-35255 | — | < 2.82.0-150400.14.14.1 | 2.82.0-150400.14.14.1 | Jun 11, 2024 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||
| CVE-2022-3171 | — | < 2.17.1-150100.6.18.1 | 2.17.1-150100.6.18.1 | Oct 12, 2022 | A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be | ||
| CVE-2022-1941 | — | < 2.17.1-150100.6.18.1 | 2.17.1-150100.6.18.1 | Sep 22, 2022 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can | ||
| CVE-2021-22570 | — | < 2.17.1-150100.6.18.1 | 2.17.1-150100.6.18.1 | Jan 26, 2022 | Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend | ||
| CVE-2021-22569 | — | < 2.17.1-150100.6.18.1 | 2.17.1-150100.6.18.1 | Jan 7, 2022 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre | ||
| CVE-2020-36242 | — | < 2.17.1-150100.6.18.1 | 2.17.1-150100.6.18.1 | Feb 7, 2021 | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | ||
| CVE-2020-25659 | — | < 2.17.1-150100.6.18.1 | 2.17.1-150100.6.18.1 | Jan 11, 2021 | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | ||
| CVE-2018-1000518 | Hig | 7.5 | < 2.17.1-150100.6.18.1 | 2.17.1-150100.6.18.1 | Jun 26, 2018 | aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be ex |
- CVE-2026-21226Jan 13, 2026affected < 2.82.0-150400.14.14.1fixed 2.82.0-150400.14.14.1
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
- CVE-2025-24049Mar 11, 2025affected < 2.82.0-150400.14.14.1fixed 2.82.0-150400.14.14.1
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.
- CVE-2024-35255Jun 11, 2024affected < 2.82.0-150400.14.14.1fixed 2.82.0-150400.14.14.1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
- CVE-2022-3171Oct 12, 2022affected < 2.17.1-150100.6.18.1fixed 2.17.1-150100.6.18.1
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be
- CVE-2022-1941Sep 22, 2022affected < 2.17.1-150100.6.18.1fixed 2.17.1-150100.6.18.1
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can
- CVE-2021-22570Jan 26, 2022affected < 2.17.1-150100.6.18.1fixed 2.17.1-150100.6.18.1
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend
- CVE-2021-22569Jan 7, 2022affected < 2.17.1-150100.6.18.1fixed 2.17.1-150100.6.18.1
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre
- CVE-2020-36242Feb 7, 2021affected < 2.17.1-150100.6.18.1fixed 2.17.1-150100.6.18.1
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
- CVE-2020-25659Jan 11, 2021affected < 2.17.1-150100.6.18.1fixed 2.17.1-150100.6.18.1
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
- affected < 2.17.1-150100.6.18.1fixed 2.17.1-150100.6.18.1
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be ex