rpm package
suse/python-pytest&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6547 | Cri | — | < 8.3.5-150400.3.9.1 | 8.3.5-150400.3.9.1 | Jun 23, 2025 | Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2. | |
| CVE-2025-6545 | Cri | — | < 8.3.5-150400.3.9.1 | 8.3.5-150400.3.9.1 | Jun 23, 2025 | Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2. | |
| CVE-2025-5889 | Low | 3.1 | < 8.3.5-150400.3.9.1 | 8.3.5-150400.3.9.1 | Jun 9, 2025 | A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l | |
| CVE-2024-21538 | Hig | 7.5 | < 8.3.5-150400.3.9.1 | 8.3.5-150400.3.9.1 | Nov 8, 2024 | Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted | |
| CVE-2024-48948 | — | < 8.3.5-150400.3.9.1 | 8.3.5-150400.3.9.1 | Oct 15, 2024 | The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomal | ||
| CVE-2024-48949 | — | < 8.3.5-150400.3.9.1 | 8.3.5-150400.3.9.1 | Oct 10, 2024 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. |
- affected < 8.3.5-150400.3.9.1fixed 8.3.5-150400.3.9.1
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.
- affected < 8.3.5-150400.3.9.1fixed 8.3.5-150400.3.9.1
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
- affected < 8.3.5-150400.3.9.1fixed 8.3.5-150400.3.9.1
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l
- affected < 8.3.5-150400.3.9.1fixed 8.3.5-150400.3.9.1
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted
- CVE-2024-48948Oct 15, 2024affected < 8.3.5-150400.3.9.1fixed 8.3.5-150400.3.9.1
The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomal
- CVE-2024-48949Oct 10, 2024affected < 8.3.5-150400.3.9.1fixed 8.3.5-150400.3.9.1
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.