CVE-2019-16328 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-16328 Interim 1 18 2025-02-17T01:55:32Z current 2021-05-30T14:31:48Z 2025-02-17T01:55:32Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-16328 In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YHUKBLKWZWODQKPCVHXLQCUVGYXZ2GNZ/ E-Mail link for openSUSE-SU-2020:0685-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P2P2Z5TQ7S4G5GV2BXHOSEUU7WD6ISPM/ E-Mail link for openSUSE-SU-2020:0763-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP1 openSUSE Leap 15.1 openSUSE Tumbleweed python2-rpyc-4.1.5-bp151.2.3.1 python2-rpyc-4.1.5-lp151.3.3.1 python3-rpyc-4.1.5-bp151.2.3.1 python3-rpyc-4.1.5-lp151.3.3.1 python310-rpyc-6.0.0-1.2 python311-rpyc-6.0.0-1.2 python312-rpyc-6.0.0-1.2 python36-rpyc-4.1.5-2.7 python38-rpyc-4.1.5-2.7 python39-rpyc-4.1.5-2.7 python2-rpyc-4.1.5-bp151.2.3.1 as a component of SUSE Package Hub 15 SP1 python3-rpyc-4.1.5-bp151.2.3.1 as a component of SUSE Package Hub 15 SP1 python2-rpyc-4.1.5-lp151.3.3.1 as a component of openSUSE Leap 15.1 python3-rpyc-4.1.5-lp151.3.3.1 as a component of openSUSE Leap 15.1 python310-rpyc-6.0.0-1.2 as a component of openSUSE Tumbleweed python311-rpyc-6.0.0-1.2 as a component of openSUSE Tumbleweed python312-rpyc-6.0.0-1.2 as a component of openSUSE Tumbleweed python36-rpyc-4.1.5-2.7 as a component of openSUSE Tumbleweed python38-rpyc-4.1.5-2.7 as a component of openSUSE Tumbleweed python39-rpyc-4.1.5-2.7 as a component of openSUSE Tumbleweed In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. CVE-2019-16328 SUSE Package Hub 15 SP1:python2-rpyc-4.1.5-bp151.2.3.1 SUSE Package Hub 15 SP1:python3-rpyc-4.1.5-bp151.2.3.1 openSUSE Leap 15.1:python2-rpyc-4.1.5-lp151.3.3.1 openSUSE Leap 15.1:python3-rpyc-4.1.5-lp151.3.3.1 openSUSE Tumbleweed:python310-rpyc-6.0.0-1.2 openSUSE Tumbleweed:python311-rpyc-6.0.0-1.2 openSUSE Tumbleweed:python312-rpyc-6.0.0-1.2 openSUSE Tumbleweed:python36-rpyc-4.1.5-2.7 openSUSE Tumbleweed:python38-rpyc-4.1.5-2.7 openSUSE Tumbleweed:python39-rpyc-4.1.5-2.7 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N