Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-6357 (GCVE-0-2026-6357)
Vulnerability from cvelistv5 – Published: 2026-04-27 14:19 – Updated: 2026-04-27 22:17
VLAI
EPSS
Title
pip self-update functionality can import newly installed modules after wheel installation
Summary
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pip maintainers | pip |
Affected:
0 , < 26.1
(python)
|
Credits
Damian Shaw
Damian Shaw
Richard Si
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T16:08:15.074450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T16:08:47.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-27T22:17:49.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/27/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/pip",
"defaultStatus": "unaffected",
"packageName": "pip",
"product": "pip",
"repo": "https://github.com/pypa/pip",
"vendor": "Pip maintainers",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Damian Shaw"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Damian Shaw"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Richard Si"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation."
}
],
"value": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T14:19:47.657Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pypa/pip/pull/13923"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "pip self-update functionality can import newly installed modules after wheel installation",
"x_generator": {
"engine": "Vulnogram 0.6.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-6357",
"datePublished": "2026-04-27T14:19:47.657Z",
"dateReserved": "2026-04-15T13:55:02.734Z",
"dateUpdated": "2026-04-27T22:17:49.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-6357",
"date": "2026-06-16",
"epss": "0.00138",
"percentile": "0.03521"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-6357\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2026-04-27T15:16:20.857\",\"lastModified\":\"2026-04-27T23:16:03.533\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-829\"}]}],\"references\":[{\"url\":\"https://github.com/pypa/pip/pull/13923\",\"source\":\"cna@python.org\"},{\"url\":\"https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes\",\"source\":\"cna@python.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/27/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/27/7\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-27T22:17:49.582Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-6357\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-27T16:08:15.074450Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-829\", \"description\": \"CWE-829 Inclusion of Functionality from Untrusted Control Sphere\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-27T16:07:29.489Z\"}}], \"cna\": {\"title\": \"pip self-update functionality can import newly installed modules after wheel installation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Damian Shaw\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Damian Shaw\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Richard Si\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Seth Larson\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/pypa/pip\", \"vendor\": \"Pip maintainers\", \"product\": \"pip\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.1\", \"versionType\": \"python\"}], \"packageName\": \"pip\", \"collectionURL\": \"https://pypi.org/project/pip\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/pypa/pip/pull/13923\", \"tags\": [\"patch\"]}, {\"url\": \"https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.6.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2026-04-27T14:19:47.657Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-6357\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-27T22:17:49.582Z\", \"dateReserved\": \"2026-04-15T13:55:02.734Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2026-04-27T14:19:47.657Z\", \"assignerShortName\": \"PSF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-hz86045
Vulnerability from cleanstart
Published
2026-05-18 12:58
Modified
2026-05-15 10:59
Summary
Security fixes for CVE-2026-44431, CVE-2026-44432, CVE-2026-6357, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 26.1.1.0-r0
Details
Multiple security vulnerabilities affect the miniforge3 package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "miniforge3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1.1.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the miniforge3 package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-HZ86045",
"modified": "2026-05-15T10:59:59Z",
"published": "2026-05-18T12:58:11.998628Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-HZ86045.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-6357"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jp4c-xjxw-mgf9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-44431, CVE-2026-44432, CVE-2026-6357, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 26.1.1.0-r0",
"upstream": [
"CVE-2026-44431",
"CVE-2026-44432",
"CVE-2026-6357",
"ghsa-jp4c-xjxw-mgf9",
"ghsa-mf9v-mfxr-j63j",
"ghsa-qccp-gfcp-xxvc"
]
}
cleanstart-2026-qk55639
Vulnerability from cleanstart
Published
2026-05-18 12:58
Modified
2026-05-15 11:22
Summary
Security fixes for CVE-2026-44431, CVE-2026-44432, CVE-2026-6357, ghsa-gc5v-m9x4-r6x2, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 26.1.0.0-r1
Details
Multiple security vulnerabilities affect the miniforge3 package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "miniforge3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1.0.0-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the miniforge3 package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QK55639",
"modified": "2026-05-15T11:22:47Z",
"published": "2026-05-18T12:58:15.258444Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QK55639.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-6357"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jp4c-xjxw-mgf9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-44431, CVE-2026-44432, CVE-2026-6357, ghsa-gc5v-m9x4-r6x2, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 26.1.0.0-r1",
"upstream": [
"CVE-2026-44431",
"CVE-2026-44432",
"CVE-2026-6357",
"ghsa-gc5v-m9x4-r6x2",
"ghsa-jp4c-xjxw-mgf9",
"ghsa-mf9v-mfxr-j63j",
"ghsa-qccp-gfcp-xxvc"
]
}
cleanstart-2026-sy44974
Vulnerability from cleanstart
Published
2026-05-18 13:12
Modified
2026-05-13 16:50
Summary
Security fixes for CVE-2015-20107, CVE-2015-2104, CVE-2019-16056, CVE-2019-16935, CVE-2019-20907, CVE-2019-5010, CVE-2020-14422, CVE-2020-8492, CVE-2021-23336, CVE-2021-29921, CVE-2021-3177, CVE-2022-45061, CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2025-59375, CVE-2026-3219, CVE-2026-6357 applied in versions: 3.10.5-r0, 3.11.1-r0, 3.11.5-r0, 3.12.12-r0, 3.12.13-r0, 3.12.3-r2, 3.12.6-r0, 3.6.8-r1, 3.7.5-r0, 3.8.2-r0, 3.8.4-r0, 3.8.5-r0, 3.8.7-r2, 3.8.8-r0, 3.9.4-r0, 3.9.5-r0
Details
Multiple security vulnerabilities affect the python3 package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "python3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the python3 package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-SY44974",
"modified": "2026-05-13T16:50:45Z",
"published": "2026-05-18T13:12:05.660347Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SY44974.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-20107"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-2104"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-16056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-16935"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-20907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14422"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8492"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-23336"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-29921"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3177"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-45061"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27043"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6232"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59375"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-3219"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-6357"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-20107"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2104"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16935"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20907"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14422"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8492"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23336"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29921"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3177"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45061"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27043"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6232"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3219"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2015-20107, CVE-2015-2104, CVE-2019-16056, CVE-2019-16935, CVE-2019-20907, CVE-2019-5010, CVE-2020-14422, CVE-2020-8492, CVE-2021-23336, CVE-2021-29921, CVE-2021-3177, CVE-2022-45061, CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2025-59375, CVE-2026-3219, CVE-2026-6357 applied in versions: 3.10.5-r0, 3.11.1-r0, 3.11.5-r0, 3.12.12-r0, 3.12.13-r0, 3.12.3-r2, 3.12.6-r0, 3.6.8-r1, 3.7.5-r0, 3.8.2-r0, 3.8.4-r0, 3.8.5-r0, 3.8.7-r2, 3.8.8-r0, 3.9.4-r0, 3.9.5-r0",
"upstream": [
"CVE-2015-20107",
"CVE-2015-2104",
"CVE-2019-16056",
"CVE-2019-16935",
"CVE-2019-20907",
"CVE-2019-5010",
"CVE-2020-14422",
"CVE-2020-8492",
"CVE-2021-23336",
"CVE-2021-29921",
"CVE-2021-3177",
"CVE-2022-45061",
"CVE-2023-27043",
"CVE-2024-6232",
"CVE-2024-6923",
"CVE-2025-59375",
"CVE-2026-3219",
"CVE-2026-6357"
]
}
FKIE_CVE-2026-6357
Vulnerability from fkie_nvd - Published: 2026-04-27 15:16 - Updated: 2026-04-27 23:16
Severity
Summary
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation."
}
],
"id": "CVE-2026-6357",
"lastModified": "2026-04-27T23:16:03.533",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@python.org",
"type": "Secondary"
}
]
},
"published": "2026-04-27T15:16:20.857",
"references": [
{
"source": "cna@python.org",
"url": "https://github.com/pypa/pip/pull/13923"
},
{
"source": "cna@python.org",
"url": "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/04/27/7"
}
],
"sourceIdentifier": "cna@python.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-JP4C-XJXW-MGF9
Vulnerability from github – Published: 2026-04-27 15:30 – Updated: 2026-05-05 22:05
VLAI
Summary
pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
Details
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6357"
],
"database_specific": {
"cwe_ids": [
"CWE-829"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T22:05:46Z",
"nvd_published_at": "2026-04-27T15:16:20Z",
"severity": "MODERATE"
},
"details": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.",
"id": "GHSA-jp4c-xjxw-mgf9",
"modified": "2026-05-05T22:05:46Z",
"published": "2026-04-27T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357"
},
{
"type": "WEB",
"url": "https://github.com/pypa/pip/pull/13923"
},
{
"type": "WEB",
"url": "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad"
},
{
"type": "PACKAGE",
"url": "https://github.com/pypa/pip"
},
{
"type": "WEB",
"url": "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/27/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere"
}
MSRC_CVE-2026-6357
Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-06-03 01:42Summary
pip self-update functionality can import newly installed modules after wheel installation
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 21381-17084 | — | ||
| Unresolved product id: 20965-17084 | — | ||
| Unresolved product id: 21144-17084 | — | ||
| Unresolved product id: 21388-17084 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-2 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-7 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-4 | — |
None Available
|
|
| Unresolved product id: 17086-8 | — |
None Available
|
|
| Unresolved product id: 17084-1 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-5 | — | ||
| Unresolved product id: 17084-6 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-6357.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "pip self-update functionality can import newly installed modules after wheel installation",
"tracking": {
"current_release_date": "2026-06-03T01:42:21.000Z",
"generator": {
"date": "2026-06-03T07:57:49.872Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-6357",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-04-30T01:10:45.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-05-01T01:04:44.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-05-19T01:40:45.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-05-22T01:42:29.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-06-03T01:42:21.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-pip 0:24.2-8.azl3",
"product": {
"name": "\u003cazl3 python-pip 0:24.2-8.azl3",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 python-pip 0:24.2-8.azl3",
"product": {
"name": "azl3 python-pip 0:24.2-8.azl3",
"product_id": "21381"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-pip 0:24.2-6.azl3",
"product": {
"name": "\u003cazl3 python-pip 0:24.2-6.azl3",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "azl3 python-pip 0:24.2-6.azl3",
"product": {
"name": "azl3 python-pip 0:24.2-6.azl3",
"product_id": "20965"
}
}
],
"category": "product_name",
"name": "python-pip"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-virtualenv 0:20.36.1-2.azl3",
"product": {
"name": "\u003cazl3 python-virtualenv 0:20.36.1-2.azl3",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 python-virtualenv 0:20.36.1-2.azl3",
"product": {
"name": "azl3 python-virtualenv 0:20.36.1-2.azl3",
"product_id": "21144"
}
},
{
"category": "product_version_range",
"name": "cbl2 python-virtualenv 0:20.26.6-3.cbl2",
"product": {
"name": "cbl2 python-virtualenv 0:20.26.6-3.cbl2",
"product_id": "4"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-virtualenv 0:20.36.1-4.azl3",
"product": {
"name": "\u003cazl3 python-virtualenv 0:20.36.1-4.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 python-virtualenv 0:20.36.1-4.azl3",
"product": {
"name": "azl3 python-virtualenv 0:20.36.1-4.azl3",
"product_id": "21388"
}
}
],
"category": "product_name",
"name": "python-virtualenv"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 python3 0:3.9.19-19.cbl2",
"product": {
"name": "cbl2 python3 0:3.9.19-19.cbl2",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "python3"
},
{
"category": "product_name",
"name": "azl3 python3 0:3.12.9-10.azl3",
"product": {
"name": "azl3 python3 0:3.12.9-10.azl3",
"product_id": "5"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 0:2.16.1-11.azl3",
"product": {
"name": "azl3 tensorflow 0:2.16.1-11.azl3",
"product_id": "6"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python3 0:3.12.9-10.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 0:2.16.1-11.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pip 0:24.2-8.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pip 0:24.2-8.azl3 as a component of Azure Linux 3.0",
"product_id": "21381-17084"
},
"product_reference": "21381",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pip 0:24.2-6.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pip 0:24.2-6.azl3 as a component of Azure Linux 3.0",
"product_id": "20965-17084"
},
"product_reference": "20965",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-virtualenv 0:20.36.1-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-virtualenv 0:20.36.1-2.azl3 as a component of Azure Linux 3.0",
"product_id": "21144-17084"
},
"product_reference": "21144",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-virtualenv 0:20.26.6-3.cbl2 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python3 0:3.9.19-19.cbl2 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-virtualenv 0:20.36.1-4.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-virtualenv 0:20.36.1-4.azl3 as a component of Azure Linux 3.0",
"product_id": "21388-17084"
},
"product_reference": "21388",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6357",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-6"
]
},
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-5"
]
}
],
"notes": [
{
"category": "general",
"text": "PSF",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21381-17084",
"20965-17084",
"21144-17084",
"21388-17084"
],
"known_affected": [
"17084-2",
"17084-7",
"17084-3",
"17086-4",
"17086-8",
"17084-1"
],
"known_not_affected": [
"17084-5",
"17084-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-6357.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-04-30T01:10:45.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-4"
]
},
{
"category": "none_available",
"date": "2026-04-30T01:10:45.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-8"
]
},
{
"category": "vendor_fix",
"date": "2026-04-30T01:10:45.000Z",
"details": "0:24.2-8.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2",
"17084-7"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-04-30T01:10:45.000Z",
"details": "0:20.36.1-4.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "pip self-update functionality can import newly installed modules after wheel installation"
}
]
}
SUSE-SU-2026:22018-1
Vulnerability from csaf_suse - Published: 2026-06-02 13:37 - Updated: 2026-06-02 13:37Summary
Security update for python-pip
Severity
Moderate
Notes
Title of the patch: Security update for python-pip
Description of the patch: This update for python-pip fixes the following issues:
- CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious
code (bsc#1262429).
- CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting
in potential arbitrary code execution (bsc#1263442).
Patchnames: SUSE-SLES-16.0-872
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1262429 | self |
| https://bugzilla.suse.com/1263442 | self |
| https://www.suse.com/security/cve/CVE-2026-1703/ | self |
| https://www.suse.com/security/cve/CVE-2026-3219/ | self |
| https://www.suse.com/security/cve/CVE-2026-6357/ | self |
| https://www.suse.com/security/cve/CVE-2026-1703 | external |
| https://bugzilla.suse.com/1257599 | external |
| https://www.suse.com/security/cve/CVE-2026-3219 | external |
| https://bugzilla.suse.com/1262429 | external |
| https://www.suse.com/security/cve/CVE-2026-6357 | external |
| https://bugzilla.suse.com/1263442 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pip",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pip fixes the following issues:\n\n- CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious\n code (bsc#1262429).\n- CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting\n in potential arbitrary code execution (bsc#1263442).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-872",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22018-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22018-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622018-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22018-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047158.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262429",
"url": "https://bugzilla.suse.com/1262429"
},
{
"category": "self",
"summary": "SUSE Bug 1263442",
"url": "https://bugzilla.suse.com/1263442"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1703 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-3219 page",
"url": "https://www.suse.com/security/cve/CVE-2026-3219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6357 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6357/"
}
],
"title": "Security update for python-pip",
"tracking": {
"current_release_date": "2026-06-02T13:37:13Z",
"generator": {
"date": "2026-06-02T13:37:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22018-1",
"initial_release_date": "2026-06-02T13:37:13Z",
"revision_history": [
{
"date": "2026-06-02T13:37:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-pip-25.0.1-160000.4.1.noarch",
"product": {
"name": "python313-pip-25.0.1-160000.4.1.noarch",
"product_id": "python313-pip-25.0.1-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "python313-pip-wheel-25.0.1-160000.4.1.noarch",
"product": {
"name": "python313-pip-wheel-25.0.1-160000.4.1.noarch",
"product_id": "python313-pip-wheel-25.0.1-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pip-25.0.1-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch"
},
"product_reference": "python313-pip-25.0.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pip-wheel-25.0.1-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
},
"product_reference": "python313-pip-wheel-25.0.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pip-25.0.1-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch"
},
"product_reference": "python313-pip-25.0.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pip-wheel-25.0.1-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
},
"product_reference": "python313-pip-wheel-25.0.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1703"
}
],
"notes": [
{
"category": "general",
"text": "When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn\u0027t able to inject or overwrite executable files in typical situations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1703",
"url": "https://www.suse.com/security/cve/CVE-2026-1703"
},
{
"category": "external",
"summary": "SUSE Bug 1257599 for CVE-2026-1703",
"url": "https://bugzilla.suse.com/1257599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T13:37:13Z",
"details": "low"
}
],
"title": "CVE-2026-1703"
},
{
"cve": "CVE-2026-3219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-3219"
}
],
"notes": [
{
"category": "general",
"text": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-3219",
"url": "https://www.suse.com/security/cve/CVE-2026-3219"
},
{
"category": "external",
"summary": "SUSE Bug 1262429 for CVE-2026-3219",
"url": "https://bugzilla.suse.com/1262429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T13:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2026-3219"
},
{
"cve": "CVE-2026-6357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6357"
}
],
"notes": [
{
"category": "general",
"text": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6357",
"url": "https://www.suse.com/security/cve/CVE-2026-6357"
},
{
"category": "external",
"summary": "SUSE Bug 1263442 for CVE-2026-6357",
"url": "https://bugzilla.suse.com/1263442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-25.0.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pip-wheel-25.0.1-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T13:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2026-6357"
}
]
}
SUSE-SU-2026:2387-1
Vulnerability from csaf_suse - Published: 2026-06-12 13:57 - Updated: 2026-06-12 13:57Summary
Security update for python
Severity
Important
Notes
Title of the patch: Security update for python
Description of the patch: This update for python fixes the following issues
- CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously
crafted wheel archives (bsc#1257599).
- CVE-2026-3219: pip doesn't reject concatenated ZIP (bsc#1262429).
- CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open() (bsc#1262319).
- CVE-2026-6019: BaseCookie.js_output() does not neutralize embedded characters (bsc#1262654).
- CVE-2026-6100: arbitrary code execution or information disclosure via use-after-free in decompression modules
(bsc#1262098).
- CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation
(bsc#1263442).
Changes for python:
- For SLE-12-SP1 use vendored libffi (bsc#1261652). We have
libffi4.so from SP3 only.
Patchnames: SUSE-2026-2387,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2387
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
30 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1257599 | self |
| https://bugzilla.suse.com/1261652 | self |
| https://bugzilla.suse.com/1262098 | self |
| https://bugzilla.suse.com/1262319 | self |
| https://bugzilla.suse.com/1262429 | self |
| https://bugzilla.suse.com/1262654 | self |
| https://bugzilla.suse.com/1263442 | self |
| https://www.suse.com/security/cve/CVE-2026-1703/ | self |
| https://www.suse.com/security/cve/CVE-2026-3219/ | self |
| https://www.suse.com/security/cve/CVE-2026-4786/ | self |
| https://www.suse.com/security/cve/CVE-2026-6019/ | self |
| https://www.suse.com/security/cve/CVE-2026-6100/ | self |
| https://www.suse.com/security/cve/CVE-2026-6357/ | self |
| https://www.suse.com/security/cve/CVE-2026-1703 | external |
| https://bugzilla.suse.com/1257599 | external |
| https://www.suse.com/security/cve/CVE-2026-3219 | external |
| https://bugzilla.suse.com/1262429 | external |
| https://www.suse.com/security/cve/CVE-2026-4786 | external |
| https://bugzilla.suse.com/1260026 | external |
| https://bugzilla.suse.com/1262319 | external |
| https://www.suse.com/security/cve/CVE-2026-6019 | external |
| https://bugzilla.suse.com/1262654 | external |
| https://www.suse.com/security/cve/CVE-2026-6100 | external |
| https://bugzilla.suse.com/1262098 | external |
| https://www.suse.com/security/cve/CVE-2026-6357 | external |
| https://bugzilla.suse.com/1263442 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python fixes the following issues\n\n- CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously\n crafted wheel archives (bsc#1257599).\n- CVE-2026-3219: pip doesn\u0027t reject concatenated ZIP (bsc#1262429).\n- CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open() (bsc#1262319).\n- CVE-2026-6019: BaseCookie.js_output() does not neutralize embedded characters (bsc#1262654).\n- CVE-2026-6100: arbitrary code execution or information disclosure via use-after-free in decompression modules\n (bsc#1262098).\n- CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation\n (bsc#1263442).\n\nChanges for python:\n\n- For SLE-12-SP1 use vendored libffi (bsc#1261652). We have\n libffi4.so from SP3 only.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2387,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2387",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2387-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2387-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262387-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2387-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047295.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257599",
"url": "https://bugzilla.suse.com/1257599"
},
{
"category": "self",
"summary": "SUSE Bug 1261652",
"url": "https://bugzilla.suse.com/1261652"
},
{
"category": "self",
"summary": "SUSE Bug 1262098",
"url": "https://bugzilla.suse.com/1262098"
},
{
"category": "self",
"summary": "SUSE Bug 1262319",
"url": "https://bugzilla.suse.com/1262319"
},
{
"category": "self",
"summary": "SUSE Bug 1262429",
"url": "https://bugzilla.suse.com/1262429"
},
{
"category": "self",
"summary": "SUSE Bug 1262654",
"url": "https://bugzilla.suse.com/1262654"
},
{
"category": "self",
"summary": "SUSE Bug 1263442",
"url": "https://bugzilla.suse.com/1263442"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1703 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-3219 page",
"url": "https://www.suse.com/security/cve/CVE-2026-3219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4786 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6019 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6100 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6357 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6357/"
}
],
"title": "Security update for python",
"tracking": {
"current_release_date": "2026-06-12T13:57:53Z",
"generator": {
"date": "2026-06-12T13:57:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2387-1",
"initial_release_date": "2026-06-12T13:57:53Z",
"revision_history": [
{
"date": "2026-06-12T13:57:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"product_id": "libpython2_7-1_0-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-2.7.18-150000.120.1.aarch64",
"product_id": "python-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-base-2.7.18-150000.120.1.aarch64",
"product_id": "python-base-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-curses-2.7.18-150000.120.1.aarch64",
"product_id": "python-curses-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-demo-2.7.18-150000.120.1.aarch64",
"product_id": "python-demo-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-devel-2.7.18-150000.120.1.aarch64",
"product_id": "python-devel-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-gdbm-2.7.18-150000.120.1.aarch64",
"product_id": "python-gdbm-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-idle-2.7.18-150000.120.1.aarch64",
"product_id": "python-idle-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-tk-2.7.18-150000.120.1.aarch64",
"product_id": "python-tk-2.7.18-150000.120.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.120.1.aarch64",
"product": {
"name": "python-xml-2.7.18-150000.120.1.aarch64",
"product_id": "python-xml-2.7.18-150000.120.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-64bit-2.7.18-150000.120.1.aarch64_ilp32",
"product": {
"name": "libpython2_7-1_0-64bit-2.7.18-150000.120.1.aarch64_ilp32",
"product_id": "libpython2_7-1_0-64bit-2.7.18-150000.120.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python-64bit-2.7.18-150000.120.1.aarch64_ilp32",
"product": {
"name": "python-64bit-2.7.18-150000.120.1.aarch64_ilp32",
"product_id": "python-64bit-2.7.18-150000.120.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python-base-64bit-2.7.18-150000.120.1.aarch64_ilp32",
"product": {
"name": "python-base-64bit-2.7.18-150000.120.1.aarch64_ilp32",
"product_id": "python-base-64bit-2.7.18-150000.120.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.120.1.i586",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.i586",
"product_id": "libpython2_7-1_0-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.120.1.i586",
"product": {
"name": "python-2.7.18-150000.120.1.i586",
"product_id": "python-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.120.1.i586",
"product": {
"name": "python-base-2.7.18-150000.120.1.i586",
"product_id": "python-base-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.120.1.i586",
"product": {
"name": "python-curses-2.7.18-150000.120.1.i586",
"product_id": "python-curses-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.120.1.i586",
"product": {
"name": "python-demo-2.7.18-150000.120.1.i586",
"product_id": "python-demo-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.120.1.i586",
"product": {
"name": "python-devel-2.7.18-150000.120.1.i586",
"product_id": "python-devel-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.120.1.i586",
"product": {
"name": "python-gdbm-2.7.18-150000.120.1.i586",
"product_id": "python-gdbm-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.120.1.i586",
"product": {
"name": "python-idle-2.7.18-150000.120.1.i586",
"product_id": "python-idle-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.120.1.i586",
"product": {
"name": "python-tk-2.7.18-150000.120.1.i586",
"product_id": "python-tk-2.7.18-150000.120.1.i586"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.120.1.i586",
"product": {
"name": "python-xml-2.7.18-150000.120.1.i586",
"product_id": "python-xml-2.7.18-150000.120.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-doc-2.7.18-150000.120.1.noarch",
"product": {
"name": "python-doc-2.7.18-150000.120.1.noarch",
"product_id": "python-doc-2.7.18-150000.120.1.noarch"
}
},
{
"category": "product_version",
"name": "python-doc-pdf-2.7.18-150000.120.1.noarch",
"product": {
"name": "python-doc-pdf-2.7.18-150000.120.1.noarch",
"product_id": "python-doc-pdf-2.7.18-150000.120.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"product_id": "libpython2_7-1_0-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-2.7.18-150000.120.1.ppc64le",
"product_id": "python-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-base-2.7.18-150000.120.1.ppc64le",
"product_id": "python-base-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-curses-2.7.18-150000.120.1.ppc64le",
"product_id": "python-curses-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-demo-2.7.18-150000.120.1.ppc64le",
"product_id": "python-demo-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-devel-2.7.18-150000.120.1.ppc64le",
"product_id": "python-devel-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-gdbm-2.7.18-150000.120.1.ppc64le",
"product_id": "python-gdbm-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-idle-2.7.18-150000.120.1.ppc64le",
"product_id": "python-idle-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-tk-2.7.18-150000.120.1.ppc64le",
"product_id": "python-tk-2.7.18-150000.120.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.120.1.ppc64le",
"product": {
"name": "python-xml-2.7.18-150000.120.1.ppc64le",
"product_id": "python-xml-2.7.18-150000.120.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"product_id": "libpython2_7-1_0-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-2.7.18-150000.120.1.s390x",
"product_id": "python-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-base-2.7.18-150000.120.1.s390x",
"product_id": "python-base-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-curses-2.7.18-150000.120.1.s390x",
"product_id": "python-curses-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-demo-2.7.18-150000.120.1.s390x",
"product_id": "python-demo-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-devel-2.7.18-150000.120.1.s390x",
"product_id": "python-devel-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-gdbm-2.7.18-150000.120.1.s390x",
"product_id": "python-gdbm-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-idle-2.7.18-150000.120.1.s390x",
"product_id": "python-idle-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-tk-2.7.18-150000.120.1.s390x",
"product_id": "python-tk-2.7.18-150000.120.1.s390x"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.120.1.s390x",
"product": {
"name": "python-xml-2.7.18-150000.120.1.s390x",
"product_id": "python-xml-2.7.18-150000.120.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"product_id": "libpython2_7-1_0-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython2_7-1_0-32bit-2.7.18-150000.120.1.x86_64",
"product": {
"name": "libpython2_7-1_0-32bit-2.7.18-150000.120.1.x86_64",
"product_id": "libpython2_7-1_0-32bit-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-2.7.18-150000.120.1.x86_64",
"product_id": "python-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-32bit-2.7.18-150000.120.1.x86_64",
"product_id": "python-32bit-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-base-2.7.18-150000.120.1.x86_64",
"product_id": "python-base-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-32bit-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-base-32bit-2.7.18-150000.120.1.x86_64",
"product_id": "python-base-32bit-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-curses-2.7.18-150000.120.1.x86_64",
"product_id": "python-curses-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-demo-2.7.18-150000.120.1.x86_64",
"product_id": "python-demo-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-devel-2.7.18-150000.120.1.x86_64",
"product_id": "python-devel-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-gdbm-2.7.18-150000.120.1.x86_64",
"product_id": "python-gdbm-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-idle-2.7.18-150000.120.1.x86_64",
"product_id": "python-idle-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-tk-2.7.18-150000.120.1.x86_64",
"product_id": "python-tk-2.7.18-150000.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.120.1.x86_64",
"product": {
"name": "python-xml-2.7.18-150000.120.1.x86_64",
"product_id": "python-xml-2.7.18-150000.120.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.120.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.120.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64"
},
"product_reference": "python-2.7.18-150000.120.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.120.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le"
},
"product_reference": "python-2.7.18-150000.120.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.120.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x"
},
"product_reference": "python-2.7.18-150000.120.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.120.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64"
},
"product_reference": "python-2.7.18-150000.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.120.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64"
},
"product_reference": "python-base-2.7.18-150000.120.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.120.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le"
},
"product_reference": "python-base-2.7.18-150000.120.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.120.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x"
},
"product_reference": "python-base-2.7.18-150000.120.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.120.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64"
},
"product_reference": "python-base-2.7.18-150000.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.120.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64"
},
"product_reference": "python-curses-2.7.18-150000.120.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.120.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le"
},
"product_reference": "python-curses-2.7.18-150000.120.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.120.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x"
},
"product_reference": "python-curses-2.7.18-150000.120.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.120.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64"
},
"product_reference": "python-curses-2.7.18-150000.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.120.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64"
},
"product_reference": "python-gdbm-2.7.18-150000.120.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.120.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le"
},
"product_reference": "python-gdbm-2.7.18-150000.120.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.120.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x"
},
"product_reference": "python-gdbm-2.7.18-150000.120.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.120.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64"
},
"product_reference": "python-gdbm-2.7.18-150000.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.120.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64"
},
"product_reference": "python-xml-2.7.18-150000.120.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.120.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le"
},
"product_reference": "python-xml-2.7.18-150000.120.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.120.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x"
},
"product_reference": "python-xml-2.7.18-150000.120.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.120.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
},
"product_reference": "python-xml-2.7.18-150000.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1703"
}
],
"notes": [
{
"category": "general",
"text": "When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn\u0027t able to inject or overwrite executable files in typical situations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1703",
"url": "https://www.suse.com/security/cve/CVE-2026-1703"
},
{
"category": "external",
"summary": "SUSE Bug 1257599 for CVE-2026-1703",
"url": "https://bugzilla.suse.com/1257599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-12T13:57:53Z",
"details": "low"
}
],
"title": "CVE-2026-1703"
},
{
"cve": "CVE-2026-3219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-3219"
}
],
"notes": [
{
"category": "general",
"text": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-3219",
"url": "https://www.suse.com/security/cve/CVE-2026-3219"
},
{
"category": "external",
"summary": "SUSE Bug 1262429 for CVE-2026-3219",
"url": "https://bugzilla.suse.com/1262429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-12T13:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-3219"
},
{
"cve": "CVE-2026-4786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4786"
}
],
"notes": [
{
"category": "general",
"text": "Mitgation of CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4786",
"url": "https://www.suse.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "SUSE Bug 1260026 for CVE-2026-4786",
"url": "https://bugzilla.suse.com/1260026"
},
{
"category": "external",
"summary": "SUSE Bug 1262319 for CVE-2026-4786",
"url": "https://bugzilla.suse.com/1262319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-12T13:57:53Z",
"details": "important"
}
],
"title": "CVE-2026-4786"
},
{
"cve": "CVE-2026-6019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6019"
}
],
"notes": [
{
"category": "general",
"text": "http.cookies.Morsel.js_output() returns an inline \u003cscript\u003e snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence \u003c/script\u003e inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6019",
"url": "https://www.suse.com/security/cve/CVE-2026-6019"
},
{
"category": "external",
"summary": "SUSE Bug 1262654 for CVE-2026-6019",
"url": "https://bugzilla.suse.com/1262654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-12T13:57:53Z",
"details": "low"
}
],
"title": "CVE-2026-6019"
},
{
"cve": "CVE-2026-6100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6100"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6100",
"url": "https://www.suse.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "SUSE Bug 1262098 for CVE-2026-6100",
"url": "https://bugzilla.suse.com/1262098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-12T13:57:53Z",
"details": "important"
}
],
"title": "CVE-2026-6100"
},
{
"cve": "CVE-2026-6357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6357"
}
],
"notes": [
{
"category": "general",
"text": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6357",
"url": "https://www.suse.com/security/cve/CVE-2026-6357"
},
{
"category": "external",
"summary": "SUSE Bug 1263442 for CVE-2026-6357",
"url": "https://bugzilla.suse.com/1263442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.120.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-12T13:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-6357"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…