rpm package
suse/python-pycomposefile&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP4
pkg:rpm/suse/python-pycomposefile&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21226 | — | | | < 0.0.34-150400.9.8.1 | 0.0.34-150400.9.8.1 | Jan 13, 2026 | Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. |
| CVE-2025-24049 | — | | | < 0.0.34-150400.9.8.1 | 0.0.34-150400.9.8.1 | Mar 11, 2025 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. |
| CVE-2024-35255 | — | | | < 0.0.34-150400.9.8.1 | 0.0.34-150400.9.8.1 | Jun 11, 2024 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
| CVE-2023-28859 | — | | | < 0.0.30-150400.9.3.1 | 0.0.30-150400.9.3.1 | Mar 26, 2023 | redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio |
| CVE-2023-28858 | — | | | < 0.0.30-150400.9.3.1 | 0.0.30-150400.9.3.1 | Mar 26, 2023 | redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT |