「 网络安全常用术语解读 」通用漏洞报告框架CVRF详解

news2024/12/29 11:21:06

1. 背景

ICASI在推进多供应商协调漏洞披露方面处于领先地位,引入了通用漏洞报告框架(Common Vulnerability Reporting Format,CVRF)标准,制定了统一安全事件响应计划(USIRP)的原则,帮助创建了多方漏洞协调和披露指南和实践,并建立了一个成功协调多供应商应对众多安全事件的行业领导者信托小组。为了继续取得这些成功,并确保全球社会更广泛的参与,ICASI(Industry Consortium for Advancement of Security on the Internet,互联网安全的行业促进联盟)将作为一个独立组织解散,并将其所有资产于2021年5月28日转移给了FIRST(Forum of Incident Response and Security Teams,事件响应和安全团队论坛)

  • ICASI成立于2008年,旨在通过推动安全应对实践的卓越和创新来加强全球安全格局,促进成员之间的合作,以分析、缓解和解决多方利益相关者的全球安全挑战。这一角色将继续,但作为现有FIRST PSIRT SIG的一部分,扩展和提高社区应对多个供应商漏洞的能力。
  • FIRST成立于1990年,是全球安全事件响应的领导者。

在这里插入图片描述
截止目前,CVRF的治理已从ICASI过渡到结构化信息标准促进组织(Organization for the Advancement of Structured Information Standards,OASIS),并将更名为CSAF(通用安全能告框架)。

2. CVRF概览

通用漏洞报告框架(Common Vulnerability Reporting Format,CVRF)是以机器可读形式(XML文件)发布安全通告(Security Advisory,SA)的行业标准格式。安全通告包含漏洞严重等级、业务影响和修补方案等信息,用以传递漏洞修补方案。安全通告(SA)用于发布华为产品直接相关的严重(Critical)和高(High)等级的漏洞信息及修补方案。安全通告(SA)一般都会提供下载通用漏洞报告框架(CVRF)内容的选项,旨在以机器可读格式描述漏洞信息,以支持受影响客户的工具使用。

CVRF与OVAL格式不同,OVAL格式的目标是能够在安全性方面对系统的状态进行机器验证,而CVRF格式的目标则是基于机器导入票证系统和漏洞跟踪器以进行漏洞响应。

在这里插入图片描述

CVRF样例(CVE-2024-4340)

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
  <DocumentTitle xml:lang="en">CVE-2024-4340</DocumentTitle>
  <DocumentType>SUSE CVE</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE CVE-2024-4340</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>2</Number>
        <Date>2024-05-01T23:14:09Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2024-04-30T23:14:33Z</InitialReleaseDate>
    <CurrentReleaseDate>2024-05-01T23:14:09Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-cve.pl</Engine>
      <Date>2020-12-27T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="CVE" Type="Summary" Ordinal="1" xml:lang="en">CVE-2024-4340</Note>
    <Note Title="Mitre CVE Description" Type="Description" Ordinal="2" xml:lang="en">Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="4" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
    <Branch Type="Product Family" Name="HPE Helion OpenStack 8">
      <Branch Type="Product Name" Name="HPE Helion OpenStack 8">
        <FullProductName ProductID="HPE Helion OpenStack 8" CPE="cpe:/o:suse:hpe-helion-openstack:8">HPE Helion OpenStack 8</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Enterprise Storage 7.1">
      <Branch Type="Product Name" Name="SUSE Enterprise Storage 7.1">
        <FullProductName ProductID="SUSE Enterprise Storage 7.1" CPE="cpe:/o:suse:ses:7.1">SUSE Enterprise Storage 7.1</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Desktop 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Desktop 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" CPE="cpe:/o:suse:sle_hpc-ltss:15:sp2">SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" CPE="cpe:/o:suse:sle_hpc-ltss:15:sp3">SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP4">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" CPE="cpe:/o:suse:sle_hpc-espos:15:sp4">SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" CPE="cpe:/o:suse:sle_hpc-ltss:15:sp4">SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp5">SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Package Hub 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Package Hub 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP5" CPE="cpe:/o:suse:packagehub:15:sp5">SUSE Linux Enterprise Module for Package Hub 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Package Hub 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Package Hub 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP6" CPE="cpe:/o:suse:packagehub:15:sp6">SUSE Linux Enterprise Module for Package Hub 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP1-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP1-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP1-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp1">SUSE Linux Enterprise Server 15 SP1-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP2-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP2-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP2-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp2">SUSE Linux Enterprise Server 15 SP2-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP3-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP3-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP3-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp3">SUSE Linux Enterprise Server 15 SP3-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP4">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP4-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP4-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP4-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp4">SUSE Linux Enterprise Server 15 SP4-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp5">SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
        <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP2" CPE="cpe:/o:suse:sles_sap:15:sp2">SUSE Linux Enterprise Server for SAP Applications 15 SP2</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP3">
        <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP3" CPE="cpe:/o:suse:sles_sap:15:sp3">SUSE Linux Enterprise Server for SAP Applications 15 SP3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP4">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP4" CPE="cpe:/o:suse:sles_sap:15:sp4">SUSE Linux Enterprise Server for SAP Applications 15 SP4</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp5">SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Manager Proxy 4.3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Manager Proxy 4.3">
        <FullProductName ProductID="SUSE Manager Proxy 4.3" CPE="cpe:/o:suse:suse-manager-proxy:4.3">SUSE Manager Proxy 4.3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Manager Retail Branch Server 4.3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Manager Retail Branch Server 4.3">
        <FullProductName ProductID="SUSE Manager Retail Branch Server 4.3" CPE="cpe:/o:suse:suse-manager-retail-branch-server:4.3">SUSE Manager Retail Branch Server 4.3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Manager Server 4.3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Manager Server 4.3">
        <FullProductName ProductID="SUSE Manager Server 4.3" CPE="cpe:/o:suse:suse-manager-server:4.3">SUSE Manager Server 4.3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud 8">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud 8">
        <FullProductName ProductID="SUSE OpenStack Cloud 8" CPE="cpe:/o:suse:suse-openstack-cloud:8">SUSE OpenStack Cloud 8</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud 9">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud 9">
        <FullProductName ProductID="SUSE OpenStack Cloud 9" CPE="cpe:/o:suse:suse-openstack-cloud:9">SUSE OpenStack Cloud 9</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud Crowbar 8">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud Crowbar 8">
        <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 8" CPE="cpe:/o:suse:suse-openstack-cloud-crowbar:8">SUSE OpenStack Cloud Crowbar 8</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud Crowbar 9">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud Crowbar 9">
        <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 9" CPE="cpe:/o:suse:suse-openstack-cloud-crowbar:9">SUSE OpenStack Cloud Crowbar 9</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Leap 15.5">
      <Branch Type="Product Name" Name="openSUSE Leap 15.5">
        <FullProductName ProductID="openSUSE Leap 15.5" CPE="cpe:/o:opensuse:leap:15.5">openSUSE Leap 15.5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Leap 15.6">
      <Branch Type="Product Name" Name="openSUSE Leap 15.6">
        <FullProductName ProductID="openSUSE Leap 15.6" CPE="cpe:/o:opensuse:leap:15.6">openSUSE Leap 15.6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="python-sqlparse">
      <FullProductName ProductID="python-sqlparse" CPE="cpe:2.3:a:sqlparse_project:sqlparse:*:*:*:*:*:*:*:*">python-sqlparse</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python2-sqlparse">
      <FullProductName ProductID="python2-sqlparse">python2-sqlparse</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-sqlparse">
      <FullProductName ProductID="python3-sqlparse">python3-sqlparse</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python311-sqlparse">
      <FullProductName ProductID="python311-sqlparse">python311-sqlparse</FullProductName>
    </Branch>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="HPE Helion OpenStack 8">
      <FullProductName ProductID="HPE Helion OpenStack 8:python-sqlparse">python-sqlparse as a component of HPE Helion OpenStack 8</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Enterprise Storage 7.1">
      <FullProductName ProductID="SUSE Enterprise Storage 7.1:python3-sqlparse">python3-sqlparse as a component of SUSE Enterprise Storage 7.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Basesystem 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Basesystem 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="python2-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Package Hub 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP5:python2-sqlparse">python2-sqlparse as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Package Hub 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP5:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Package Hub 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP6:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="python311-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-sqlparse">python311-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
    </Relationship>
    <Relationship ProductReference="python311-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5:python311-sqlparse">python311-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Python 3 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP1-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP1-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP1-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP1-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP1-LTSS:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Server 15 SP1-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP2-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP2-LTSS:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Server 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP3-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP3-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP3-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP4-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP4-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP4-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP2:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP3">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP4">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Manager Proxy 4.3">
      <FullProductName ProductID="SUSE Manager Proxy 4.3:python3-sqlparse">python3-sqlparse as a component of SUSE Manager Proxy 4.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Manager Retail Branch Server 4.3">
      <FullProductName ProductID="SUSE Manager Retail Branch Server 4.3:python3-sqlparse">python3-sqlparse as a component of SUSE Manager Retail Branch Server 4.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Manager Server 4.3">
      <FullProductName ProductID="SUSE Manager Server 4.3:python3-sqlparse">python3-sqlparse as a component of SUSE Manager Server 4.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud 8">
      <FullProductName ProductID="SUSE OpenStack Cloud 8:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud 8</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud 9">
      <FullProductName ProductID="SUSE OpenStack Cloud 9:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud 9</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud Crowbar 8">
      <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 8:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud Crowbar 8</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud Crowbar 9">
      <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 9:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud Crowbar 9</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
      <FullProductName ProductID="openSUSE Leap 15.5:python-sqlparse">python-sqlparse as a component of openSUSE Leap 15.5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
      <FullProductName ProductID="openSUSE Leap 15.5:python3-sqlparse">python3-sqlparse as a component of openSUSE Leap 15.5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:python-sqlparse">python-sqlparse as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

</Note>
    </Notes>
    <CVE>CVE-2024-4340</CVE>
    <ProductStatuses>
      <Status Type="Known Affected">
        <ProductID>HPE Helion OpenStack 8:python-sqlparse</ProductID>
        <ProductID>SUSE Enterprise Storage 7.1:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP5:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP5:python2-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP6:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP4:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP5:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP5:python311-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Python 3 15 SP6:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP1-LTSS:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP1-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP2-LTSS:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP2-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP3-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP4-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP2:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-sqlparse</ProductID>
        <ProductID>SUSE Manager Proxy 4.3:python3-sqlparse</ProductID>
        <ProductID>SUSE Manager Retail Branch Server 4.3:python3-sqlparse</ProductID>
        <ProductID>SUSE Manager Server 4.3:python3-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud 8:python-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud 9:python-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud Crowbar 8:python-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud Crowbar 9:python-sqlparse</ProductID>
        <ProductID>openSUSE Leap 15.5:python-sqlparse</ProductID>
        <ProductID>openSUSE Leap 15.5:python3-sqlparse</ProductID>
        <ProductID>openSUSE Leap 15.6:python-sqlparse</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSetV3>
        <BaseScoreV3>7.5</BaseScoreV3>
        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</VectorV3>
      </ScoreSetV3>
    </CVSSScoreSets>
  </Vulnerability>
</cvrfdoc>

3. CVRF主要内容

在这里插入图片描述
CVRF一级节点有11个,具体如下:

  1. Title(标题): cvrf:DocumentTitle
  2. Type(类型): cvrf:DocumentType
  3. Publisher(发布者): cvrf:DocumentPublisher
  4. Tracking(跟踪): cvrf:DocumentTracking
  5. Notes(注释): cvrf:DocumentNotes
  6. Distribution(分发): cvrf:DocumentDistribution
  7. Aggregate Severity(严重级别): cvrf:AggregateSeverity
  8. References( 参考): cvrf:DocumentReferences
  9. Acknowledgements(致谢): cvrf:Acknowledgements
  10. Product Tree(产品树): prod:ProductTree
  11. Vulnerability(漏洞): vuln:Vulnerability

关于CVRF的文档的详细介绍可以参阅如下官方文档:

  • pcsaf-cvrf-v1.2-cs01.pdf (访问密码: 6277)

4. CSAF是CVRF的替代品吗?

答案是肯定的。CSAF是通用漏洞报告框架(CVRF)的替代品,它增强了CVRF的能力,包括不同的配置文件(例如,CSAF基础、信息咨询、事件响应、VEX等)。每个配置文件通过强制使用标准中的其他字段,直接或间接地通过标准中的另一个配置文件扩展基本配置文件“CSAF基本”。概要文件总是可以添加,但决不能减去或覆盖其扩展的概要文件中定义的需求。CSAF还提供了CVRF不支持的几个附加增强功能。此外,CSAF使用JSON,而CVRF使用XML

CVRF文件可以转换为CSAF,它将 CVRF 文档作为输入并将其转换为有效的 CSAF 文档。

5. 参考

[1] https://github.com/oasis-tcs/csaf/tree/master/cvrf_1.2
[2] https://oasis-open.github.io/csaf-documentation/
[3] https://www.suse.com/zh-cn/support/security/cvrf/
[4] https://www.redhat.com/zh/blog/csaf-vex-documents-now-generally-available
[5] https://ftp.suse.com/pub/projects/security/cvrf-cve/


推荐阅读:

  • 「 网络安全常用术语解读 」软件物料清单SBOM详解
  • 「 网络安全常用术语解读 」SBOM主流格式CycloneDX详解
  • 「 网络安全常用术语解读 」SBOM主流格式SPDX详解
  • 「 网络安全常用术语解读 」SBOM主流格式CycloneDX详解
  • 「 网络安全常用术语解读 」漏洞利用交换VEX详解
  • 「 网络安全常用术语解读 」软件成分分析SCA详解:从发展背景到技术原理再到业界常用检测工具推荐
  • 「 网络安全常用术语解读 」什么是0day、1day、nday漏洞
  • 「 网络安全常用术语解读 」软件物料清单SBOM详解
  • 「 网络安全常用术语解读 」杀链Kill Chain详解
  • 「 网络安全常用术语解读 」点击劫持Clickjacking详解
  • 「 网络安全常用术语解读 」悬空标记注入详解
  • 「 网络安全常用术语解读 」内容安全策略CSP详解
  • 「 网络安全常用术语解读 」同源策略SOP详解
  • 「 网络安全常用术语解读 」静态分析结果交换格式SARIF详解
  • 「 网络安全常用术语解读 」安全自动化协议SCAP详解
  • 「 网络安全常用术语解读 」通用平台枚举CPE详解
  • 「 网络安全常用术语解读 」通用缺陷枚举CWE详解
  • 「 网络安全常用术语解读 」通用漏洞披露CVE详解
  • 「 网络安全常用术语解读 」通用配置枚举CCE详解
  • 「 网络安全常用术语解读 」通用漏洞评分系统CVSS详解
  • 「 网络安全常用术语解读 」漏洞利用交换VEX详解
  • 「 网络安全常用术语解读 」软件成分分析SCA详解:从发展背景到技术原理再到业界常用检测工具推荐
  • 「 网络安全常用术语解读 」通用攻击模式枚举和分类CAPEC详解
  • 「 网络安全常用术语解读 」网络攻击者的战术、技术和常识知识库ATT&CK详解

在这里插入图片描述

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1642447.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

Python中无法pip的解决办法和pip的介绍

什么是pip&#xff1f; PIP是通用的Python包管理工具&#xff0c;提供了对 Python 包的查找、下载、安装、卸载、更新等功能。安装诸如Pygame、Pymysql、requests、Django等Python包时&#xff0c;都要用到pip。 注意&#xff1a;在Python3.4&#xff08;一说是3.6&#xff09…

Electron 对 SQLite 进行加密

上一篇讲了如何在 Electron使用 SQLite&#xff0c;如果 SQLite 中存有敏感数据&#xff0c;客户端采用明文存储风险很高&#xff0c;为了保护客户数据&#xff0c;就需要对数据进行加密&#xff0c;由于 electron 对代码并不加密&#xff0c;所以这里排除通过逆向工程进行数据…

ArcGIS软件:地图投影的认识、投影定制

这一篇博客介绍的主要是如何在ArcGIS软件中查看投影数据&#xff0c;如何定制投影。 1.查看地图坐标系、投影数据 首先我们打开COUNTIES.shp数据&#xff08;美国行政区划图&#xff09;&#xff0c;并点击鼠标右键&#xff0c;再点击数据框属性就可以得到以下的界面。 我们从…

深入理解分布式事务⑨ ---->MySQL 事务的实现原理 之 MySQL 中的XA 事务(基本原理、流程分析、事务语法、简单例子演示)详解

目录 MySQL 事务的实现原理 之 MySQL 中的XA 事务&#xff08;基本原理、流程分析、事务语法、简单例子演示&#xff09;详解MySQL 中的 XA 事务1、XA 事务的基本原理1-1&#xff1a;XA 事务模型图&#xff1a;1-2&#xff1a;XA 事务模型的两阶段提交操作&#xff1a;Prepare …

MLP手写数字识别(3)-使用tf.data.Dataset模块制作模型输入(tensorflow)

1、tensorflow版本查看 import tensorflow as tfprint(Tensorflow Version:{}.format(tf.__version__)) print(tf.config.list_physical_devices())2、MNIST数据集下载与预处理 (train_images,train_labels),(test_images,test_labels) tf.keras.datasets.mnist.load_data()…

02_Java综述

目录 面向对象编程两种范式抽象OOP 三原则封装继承多态多态、封装与继承协同工作 面向对象编程 面向对象编程(Object-Oriented Programming&#xff0c;OOP)在Java中核心地位。几乎所有的Java程序至少在某种程度上都是面向对象的。OOP与java是密不可分的。下面说一下OOP的理论…

【已解决】VSCode 连接远程 Ubuntu :检测到 #include 错误。请更新 includePath。

文章目录 1. 环境声明2. 解决过程 1. 环境声明 即使是同一个报错&#xff0c;在不同的环境中&#xff0c;报错原因、解决方法都是不同的&#xff0c;本文只能解决跟我类似的问题&#xff0c;如果你发现你跟我遇到的问题不太一样&#xff0c;建议寻找其他解法。 必须要吐槽的是…

吴恩达2022机器学习专项课程C2(高级学习算法)W1(神经网络):2.1神经元与大脑

目录 神经网络1.初始动机*2.发展历史3.深度学习*4.应用历程 生物神经元1.基本功能2.神经元的互动方式3.信号传递与思维形成4.神经网络的形成 生物神经元简化1.生物神经元的结构2.信号传递过程3.生物学术语与人工神经网络 人工神经元*1.模型简化2.人工神经网络的构建3.计算和输入…

基于51单片机的智能台灯proteus仿真设计( proteus仿真+程序+原理图+报告+讲解视频)

基于51单片机的红外光敏检测智能台灯控制系统仿真( proteus仿真程序原理图报告讲解视频&#xff09; 1.主要功能&#xff1a; 基于51单片机的红外检测光照检测智能台灯仿真设计 1、检测光照强度并显示在数码管上。 2、具备红外检测人体功能。 3、灯光控制模式分为自动模式…

RabbiMQ(Docker 单机部署)

序言 本文给大家介绍如何使用 Docker 单机部署 RabbitMQ 并与 SpringBoot 整合使用。 一、部署流程 拉取镜像 docker pull rabbitmq:3-management镜像拉取成功之后使用下面命令启动 rabbitmq 容器 docker run \# 指定用户名-e RABBITMQ_DEFAULT_USERusername \# 指定密码-e R…

golang for经典练习 金字塔打印 示例 支持控制台输入要打印的层数

go语言中最经典的for练习程序 金字塔打印 &#xff0c;这也是其他语言中学习循环和条件算法最为经典的联系题。 其核心算法是如何控制内层循环变量j 每行打印的*号数量 j<i*2-1 和空格数量 j1 || j i*2-1 golang中实现实心金字塔 Solid Pyramid和空心金字塔 Hollow Pyram…

上位机图像处理和嵌入式模块部署(树莓派4b使用lua)

【 声明&#xff1a;版权所有&#xff0c;欢迎转载&#xff0c;请勿用于商业用途。 联系信箱&#xff1a;feixiaoxing 163.com】 lua是一个脚本语言&#xff0c;比c语言开发容易&#xff0c;也没有python那么重&#xff0c;整体使用还是非常方便的。一般当成胶水语言进行开发&a…

ASP.NET 两种开发模式

1》》WebForm 开发模式 1. 服务器端控件 2. 一般处理程序html静态页Ajax 3. 一般处理程序html模板 如下图 2》》MVC 太复杂的系统&#xff0c;会造成Controller 过复杂。 后来就诞生了 MVP、MVVM等模式

C语言 计数控制循环

今天 我们来说 计数控制的循环 对于循环次数 我们已知的循环 我们称之为 计数控制的循环 这种情况 我们一般选择 for来实现 更为方便 先看一个案例 求 1 到 N 的累加合 我们代码可以这样写 #define _CRT_SECURE_NO_WARNINGS//禁用安全函数警告 #pragma warning(disable:6031…

wireshark的安装使用及相关UDP、TCP、 ARP

初步了解&#xff1a; 进入wireshark后如图&#xff1a; 从图中可以看到很多网络连接在操作的时候我们需要监测哪些 我们可以直接在本地的运行框中输入ipconfig来查看 如图&#xff1a; 从以上图片中我们可以清楚地看到哪些网络连接已经连接的我们只需要按需监测他们即可 但…

ubuntu搭建kms服务器

1.下载kms开源包(如果提示找不到wget命令的话:apt install wget): wget https://github.com/Wind4/vlmcsd/releases/download/svn1111/binaries.tar.gz2.解压: tar -xzvf binaries.tar.gz接着cd 进入 Linux/intel/static/ 文件夹下: 3.选择对应的文件&#xff0c;这里我们选…

第十篇:深入文件夹:Python中的文件管理和自动化技术

深入文件夹&#xff1a;Python中的文件管理和自动化技术 1 文件系统基础操作 在今天的技术博客中&#xff0c;我们将深入探讨Python中的文件系统基础操作。文件系统对于任何操作系统都是不可或缺的组成部分&#xff0c;它管理着数据的存储、检索以及维护。Python通过其标准库中…

NEO 学习之session7

文章目录 选项 A&#xff1a;它涉及学习标记数据。 选项 B&#xff1a;它需要预定义的输出标签进行训练。 选项 C&#xff1a;它涉及在未标记的数据中寻找模式和关系。 选项 D&#xff1a;它专注于根据输入-输出对进行预测。 答案&#xff1a;选项 C 描述了无监督学习的本质&am…

Codeforces Round 943 (Div. 3 ABCDEFG1G2题) 视频讲解

A. Maximize? Problem Statement You are given an integer x x x. Your task is to find any integer y y y ( 1 ≤ y < x ) (1\le y<x) (1≤y<x) such that gcd ⁡ ( x , y ) y \gcd(x,y)y gcd(x,y)y is maximum possible. Note that if there is more tha…

西门子V90参数移植方法

西门子V90参数移植方法 应用方面 由于设备老化损坏&#xff0c;需要更换V90驱动器&#xff0c;但是由于新驱动器与旧驱动器出现版本不一样时参数就会无法直接下载到新的驱动器里面&#xff0c;为了保证更换驱动器的稳定性最好能使用之前设备的参数&#xff0c;所以写了关于V9…