Vulnerability-Lookup

CVE-2020-9915 (GCVE-0-2020-9915)

Vulnerability from cvelistv5 – Published: 2020-10-16 16:47 – Updated: 2024-08-04 10:43

Summary

An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Assigner

apple

References

7 references

URL	Tags
https://support.apple.com/HT211288	x_refsource_MISC
https://support.apple.com/HT211290	x_refsource_MISC
https://support.apple.com/HT211291	x_refsource_MISC
https://support.apple.com/HT211292	x_refsource_MISC
https://support.apple.com/HT211293	x_refsource_MISC
https://support.apple.com/HT211294	x_refsource_MISC
https://support.apple.com/HT211295	x_refsource_MISC

Impacted products

7 products

Vendor	Product	Version
Apple	iOS	Affected: unspecified , < iOS 13.6 and iPadOS 13.6 (custom)
Apple	tvOS	Affected: unspecified , < tvOS 13.4.8 (custom)
Apple	watchOS	Affected: unspecified , < watchOS 6.2.8 (custom)
Apple	Safari	Affected: unspecified , < Safari 13.1.2 (custom)
Apple	iTunes for Windows	Affected: unspecified , < iTunes 12.10.8 for Windows (custom)
Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 11.3 (custom)
Apple	iCloud for Windows (Legacy)	Affected: unspecified , < iCloud for Windows 7.20 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:43:05.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211288"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211290"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211291"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211292"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211293"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211295"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.6 and iPadOS 13.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13.4.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.2.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "Safari 13.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iTunes 12.10.8 for Windows",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 11.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows (Legacy)",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 7.20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T16:47:00.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211288"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211290"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211291"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211292"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211293"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211295"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9915",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.6 and iPadOS 13.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13.4.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.2.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Safari 13.1.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iTunes 12.10.8 for Windows"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows (Legacy)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 7.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211288",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211288"
            },
            {
              "name": "https://support.apple.com/HT211290",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211290"
            },
            {
              "name": "https://support.apple.com/HT211291",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211291"
            },
            {
              "name": "https://support.apple.com/HT211292",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211292"
            },
            {
              "name": "https://support.apple.com/HT211293",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211293"
            },
            {
              "name": "https://support.apple.com/HT211294",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211294"
            },
            {
              "name": "https://support.apple.com/HT211295",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211295"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-9915",
    "datePublished": "2020-10-16T16:47:00.000Z",
    "dateReserved": "2020-03-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:43:05.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-9915",
      "date": "2026-05-20",
      "epss": "0.00775",
      "percentile": "0.73806"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"7.20\", \"matchCriteriaId\": \"5B3BB46F-F586-4A2B-91C6-4D3AA226B478\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.3\", \"matchCriteriaId\": \"354F932A-81A0-4C4F-91C0-8C76C72CC4E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"12.10.8\", \"matchCriteriaId\": \"B626717E-0DED-4C76-B92D-D58AB27EED01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.1.2\", \"matchCriteriaId\": \"FD59E88E-E189-4CF4-9799-CDD961BAE933\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"87D68071-5235-4B50-90F0-B55B0C668840\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"0639A5DE-4A59-4F10-A0E7-F6B933E44D47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.4.8\", \"matchCriteriaId\": \"888463CA-9C67-46B2-B197-DDD3A668F980\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.2.8\", \"matchCriteriaId\": \"494FA012-A268-42FC-B023-2A10817B1096\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.\"}, {\"lang\": \"es\", \"value\": \"Se present\\u00f3 un problema de acceso en la Pol\\u00edtica de Seguridad de Contenido.\u0026#xa0;Este problema es corregido con unas restricciones de acceso mejoradas.\u0026#xa0;Este problema es corregido en iOS versi\\u00f3n 13.6 y iPadOS versi\\u00f3n 13.6, tvOS versi\\u00f3n 13.4.8, watchOS versi\\u00f3n 6.2.8, Safari versi\\u00f3n 13.1.2, iTunes versi\\u00f3n 12.10.8 para Windows, iCloud para Windows versi\\u00f3n 11.3, iCloud para Windows versi\\u00f3n 7.20.\u0026#xa0;El procesamiento de contenido web creado maliciosamente puede evitar que se aplique la Pol\\u00edtica de Seguridad de Contenido\"}]",
      "id": "CVE-2020-9915",
      "lastModified": "2024-11-21T05:41:31.183",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-10-16T17:15:17.057",
      "references": "[{\"url\": \"https://support.apple.com/HT211288\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211290\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211291\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211292\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211293\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211294\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211295\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211295\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9915\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-10-16T17:15:17.057\",\"lastModified\":\"2024-11-21T05:41:31.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.\"},{\"lang\":\"es\",\"value\":\"Se present\u00f3 un problema de acceso en la Pol\u00edtica de Seguridad de Contenido.\u0026#xa0;Este problema es corregido con unas restricciones de acceso mejoradas.\u0026#xa0;Este problema es corregido en iOS versi\u00f3n 13.6 y iPadOS versi\u00f3n 13.6, tvOS versi\u00f3n 13.4.8, watchOS versi\u00f3n 6.2.8, Safari versi\u00f3n 13.1.2, iTunes versi\u00f3n 12.10.8 para Windows, iCloud para Windows versi\u00f3n 11.3, iCloud para Windows versi\u00f3n 7.20.\u0026#xa0;El procesamiento de contenido web creado maliciosamente puede evitar que se aplique la Pol\u00edtica de Seguridad de Contenido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.20\",\"matchCriteriaId\":\"5B3BB46F-F586-4A2B-91C6-4D3AA226B478\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"354F932A-81A0-4C4F-91C0-8C76C72CC4E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.8\",\"matchCriteriaId\":\"B626717E-0DED-4C76-B92D-D58AB27EED01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1.2\",\"matchCriteriaId\":\"FD59E88E-E189-4CF4-9799-CDD961BAE933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"87D68071-5235-4B50-90F0-B55B0C668840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"0639A5DE-4A59-4F10-A0E7-F6B933E44D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4.8\",\"matchCriteriaId\":\"888463CA-9C67-46B2-B197-DDD3A668F980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.8\",\"matchCriteriaId\":\"494FA012-A268-42FC-B023-2A10817B1096\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT211288\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211290\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211291\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211292\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211293\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211294\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211295\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-452

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 13.6
Apple	macOS	macOS Catalina versions antérieures à 10.15.6
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-004
Apple	N/A	iPadOS versions antérieures à 13.6
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-004
Apple	N/A	tvOS versions antérieures à 13.4.8
Apple	Safari	Safari versions antérieures à 13.1.2
Apple	N/A	watchOS versions antérieures à 6.2.8

References

Title

Publication Time

CERTFR-2020-AVI-452

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 13.6
Apple	macOS	macOS Catalina versions antérieures à 10.15.6
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-004
Apple	N/A	iPadOS versions antérieures à 13.6
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-004
Apple	N/A	tvOS versions antérieures à 13.4.8
Apple	Safari	Safari versions antérieures à 13.1.2
Apple	N/A	watchOS versions antérieures à 6.2.8

References

Title

Publication Time

alsa-2020:4451

Vulnerability from osv_almalinux

Published

2020-11-03 12:05

Modified

2021-11-12 10:20

Summary

Moderate: GNOME security, bug fix, and enhancement update

Details

GNOME is the default desktop environment of AlmaLinux.

The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)

Security Fix(es):

webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)
gnome-settings-daemon: AlmaLinux Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)
LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-4451.html	ADVISORY
	https://vulners.com/cve/CVE-2019-8625	REPORT
	https://vulners.com/cve/CVE-2019-8710	REPORT
	https://vulners.com/cve/CVE-2019-8720	REPORT
	https://vulners.com/cve/CVE-2019-8743	REPORT
	https://vulners.com/cve/CVE-2019-8764	REPORT
	https://vulners.com/cve/CVE-2019-8766	REPORT
	https://vulners.com/cve/CVE-2019-8769	REPORT
	https://vulners.com/cve/CVE-2019-8771	REPORT
	https://vulners.com/cve/CVE-2019-8782	REPORT
	https://vulners.com/cve/CVE-2019-8783	REPORT
	https://vulners.com/cve/CVE-2019-8808	REPORT
	https://vulners.com/cve/CVE-2019-8811	REPORT
	https://vulners.com/cve/CVE-2019-8812	REPORT
	https://vulners.com/cve/CVE-2019-8813	REPORT
	https://vulners.com/cve/CVE-2019-8814	REPORT
	https://vulners.com/cve/CVE-2019-8815	REPORT
	https://vulners.com/cve/CVE-2019-8816	REPORT
	https://vulners.com/cve/CVE-2019-8819	REPORT
	https://vulners.com/cve/CVE-2019-8820	REPORT
	https://vulners.com/cve/CVE-2019-8823	REPORT
	https://vulners.com/cve/CVE-2019-8835	REPORT
	https://vulners.com/cve/CVE-2019-8844	REPORT
	https://vulners.com/cve/CVE-2019-8846	REPORT
	https://vulners.com/cve/CVE-2020-10018	REPORT
	https://vulners.com/cve/CVE-2020-11793	REPORT
	https://vulners.com/cve/CVE-2020-14391	REPORT
	https://vulners.com/cve/CVE-2020-15503	REPORT
	https://vulners.com/cve/CVE-2020-3862	REPORT
	https://vulners.com/cve/CVE-2020-3864	REPORT
	https://vulners.com/cve/CVE-2020-3865	REPORT
	https://vulners.com/cve/CVE-2020-3867	REPORT
	https://vulners.com/cve/CVE-2020-3868	REPORT
	https://vulners.com/cve/CVE-2020-3885	REPORT
	https://vulners.com/cve/CVE-2020-3894	REPORT
	https://vulners.com/cve/CVE-2020-3895	REPORT
	https://vulners.com/cve/CVE-2020-3897	REPORT
	https://vulners.com/cve/CVE-2020-3899	REPORT
	https://vulners.com/cve/CVE-2020-3900	REPORT
	https://vulners.com/cve/CVE-2020-3901	REPORT
	https://vulners.com/cve/CVE-2020-3902	REPORT
	https://vulners.com/cve/CVE-2020-9802	REPORT
	https://vulners.com/cve/CVE-2020-9803	REPORT
	https://vulners.com/cve/CVE-2020-9805	REPORT
	https://vulners.com/cve/CVE-2020-9806	REPORT
	https://vulners.com/cve/CVE-2020-9807	REPORT
	https://vulners.com/cve/CVE-2020-9843	REPORT
	https://vulners.com/cve/CVE-2020-9850	REPORT
	https://vulners.com/cve/CVE-2020-9862	REPORT
	https://vulners.com/cve/CVE-2020-9893	REPORT
	https://vulners.com/cve/CVE-2020-9894	REPORT
	https://vulners.com/cve/CVE-2020-9895	REPORT
	https://vulners.com/cve/CVE-2020-9915	REPORT
	https://vulners.com/cve/CVE-2020-9925	REPORT
	https://vulners.com/cve/CVE-2020-9952	REPORT
	https://vulners.com/cve/CVE-2021-30666	REPORT
	https://vulners.com/cve/CVE-2021-30761	REPORT
	https://vulners.com/cve/CVE-2021-30762	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "LibRaw-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.19.5-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-command-not-found"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-cron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-glib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-glib-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-gstreamer-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "PackageKit-gtk3-module"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.12-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dleyna-renderer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "frei0r-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-7.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "frei0r-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-7.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "frei0r-plugins-opencv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-7.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-remote-desktop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.8-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gtk-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.28-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gvfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.36.2-10.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libsoup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.62.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libsoup-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.62.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mutter-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.2-48.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nautilus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-14.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nautilus-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.1-14.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire0.2-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.7-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pipewire0.2-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.7-6.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "potrace"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15-3.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "pygobject3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-gobject"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-gobject-base"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.3-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tracker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.5-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tracker-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.5-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vte-profile"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.4-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vte291"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.4-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vte291-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.4-2.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webrtc-audio-processing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3-9.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "xdg-desktop-portal-gtk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.0-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "GNOME is the default desktop environment of AlmaLinux.\n\nThe following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)\n\n* gnome-settings-daemon: AlmaLinux Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)\n\n* LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2020:4451",
  "modified": "2021-11-12T10:20:56Z",
  "published": "2020-11-03T12:05:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-4451.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8625"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8710"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8720"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8743"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8764"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8766"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8769"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8771"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8782"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8783"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8808"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8811"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8812"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8813"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8814"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8815"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8816"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8819"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8820"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8823"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8835"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8844"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-8846"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-10018"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11793"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14391"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-15503"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3862"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3864"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3865"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3867"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3868"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3885"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3894"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3895"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3897"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3899"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3900"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3901"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-3902"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9802"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9803"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9805"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9806"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9807"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9843"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9850"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9862"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9893"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9894"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9895"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9915"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9925"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-9952"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30666"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30761"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30762"
    }
  ],
  "related": [
    "CVE-2019-8625",
    "CVE-2019-8710",
    "CVE-2019-8720",
    "CVE-2019-8743",
    "CVE-2019-8764",
    "CVE-2019-8766",
    "CVE-2019-8769",
    "CVE-2019-8771",
    "CVE-2019-8782",
    "CVE-2019-8783",
    "CVE-2019-8808",
    "CVE-2019-8811",
    "CVE-2019-8812",
    "CVE-2019-8813",
    "CVE-2019-8814",
    "CVE-2019-8815",
    "CVE-2019-8816",
    "CVE-2019-8819",
    "CVE-2019-8820",
    "CVE-2019-8823",
    "CVE-2019-8835",
    "CVE-2019-8844",
    "CVE-2019-8846",
    "CVE-2020-3862",
    "CVE-2020-3864",
    "CVE-2020-3865",
    "CVE-2020-3867",
    "CVE-2020-3868",
    "CVE-2020-3885",
    "CVE-2020-3894",
    "CVE-2020-3895",
    "CVE-2020-3897",
    "CVE-2020-3899",
    "CVE-2020-3900",
    "CVE-2020-3901",
    "CVE-2020-3902",
    "CVE-2020-9802",
    "CVE-2020-9803",
    "CVE-2020-9805",
    "CVE-2020-9806",
    "CVE-2020-9807",
    "CVE-2020-9843",
    "CVE-2020-9850",
    "CVE-2020-9862",
    "CVE-2020-9893",
    "CVE-2020-9894",
    "CVE-2020-9895",
    "CVE-2020-9915",
    "CVE-2020-9925",
    "CVE-2020-10018",
    "CVE-2020-11793",
    "CVE-2020-14391",
    "CVE-2020-15503"
  ],
  "summary": "Moderate: GNOME security, bug fix, and enhancement update"
}

BDU:2023-03156

Vulnerability from fstec - Published: 16.10.2020

Title

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с небезопасным управлением привилегиями, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Description

Уязвимость модуля отображения веб-страниц WebKit браузера Apple Safari, операционных систем Apple Mac OS, iOS, iPadOS, watchOS и tvOS связана с небезопасным управлением привилегиями. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на целостность защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения, Canonical Ltd., Apple Inc.

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, iCloud, Safari, iPadOS, tvOS, watchOS, iOS, iTunes, WebKitGTK, WPE WebKit

Software Version

7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), до 7.20 (iCloud), от 11.0 до 11.3 (iCloud), до.13.1.2 (Safari), до 13.6 (iPadOS), до 13.4.8 (tvOS), до 6.2.8 (watchOS), 11 (Debian GNU/Linux), до 13.6 (iOS), 18.04 ESM (Ubuntu), до 12.10.8 (iTunes), до 2.28.4 (WebKitGTK), до 2.28.4 (WPE WebKit)

Possible Mitigations

Использование рекомендаций: Для WebKitGTK and WPE WebKit: https://webkitgtk.org/security/WSA-2020-0007.html Для программных продуктов Apple Inc.: https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2020-9915 Для Ubuntu: https://ubuntu.com/security/notices/USN-4444-1 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2020-9915

Reference

https://vuldb.com/?id.158668 https://www.cybersecurity-help.cz/vdb/SB2022081221 https://webkitgtk.org/security/WSA-2020-0007.html https://support.apple.com/HT211288 https://support.apple.com/HT211290 https://support.apple.com/HT211291 https://support.apple.com/HT211292 https://support.apple.com/HT211293 https://support.apple.com/HT211294 https://support.apple.com/HT211295 https://access.redhat.com/security/cve/CVE-2020-9915 https://ubuntu.com/security/notices/USN-4444-1 https://security-tracker.debian.org/tracker/CVE-2020-9915

CWE

CWE-264, CWE-269

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Apple Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), \u0434\u043e 7.20 (iCloud), \u043e\u0442 11.0 \u0434\u043e 11.3 (iCloud), \u0434\u043e.13.1.2 (Safari), \u0434\u043e 13.6 (iPadOS), \u0434\u043e 13.4.8 (tvOS), \u0434\u043e 6.2.8 (watchOS), 11 (Debian GNU/Linux), \u0434\u043e 13.6 (iOS), 18.04 ESM (Ubuntu), \u0434\u043e 12.10.8 (iTunes), \u0434\u043e 2.28.4 (WebKitGTK), \u0434\u043e 2.28.4 (WPE WebKit)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f WebKitGTK and WPE WebKit:\nhttps://webkitgtk.org/security/WSA-2020-0007.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple Inc.:\nhttps://support.apple.com/HT211288\nhttps://support.apple.com/HT211290\nhttps://support.apple.com/HT211291\nhttps://support.apple.com/HT211292\nhttps://support.apple.com/HT211293\nhttps://support.apple.com/HT211294\nhttps://support.apple.com/HT211295\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2020-9915\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4444-1\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2020-9915",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.10.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.06.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-03156",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-9915",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, iCloud, Safari, iPadOS, tvOS, watchOS, iOS, iTunes, WebKitGTK, WPE WebKit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Apple Inc. iPadOS \u0434\u043e 13.6 , Apple Inc. tvOS \u0434\u043e 13.4.8 , Apple Inc. watchOS \u0434\u043e 6.2.8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Apple Inc. iOS \u0434\u043e 13.6 , Canonical Ltd. Ubuntu 18.04 ESM ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264), \u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKit \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Apple Safari, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Apple Mac OS, iOS, iPadOS, watchOS \u0438 tvOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://vuldb.com/?id.158668\nhttps://www.cybersecurity-help.cz/vdb/SB2022081221\nhttps://webkitgtk.org/security/WSA-2020-0007.html\nhttps://support.apple.com/HT211288\nhttps://support.apple.com/HT211290\nhttps://support.apple.com/HT211291\nhttps://support.apple.com/HT211292\nhttps://support.apple.com/HT211293\nhttps://support.apple.com/HT211294\nhttps://support.apple.com/HT211295\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://ubuntu.com/security/notices/USN-4444-1\nhttps://security-tracker.debian.org/tracker/CVE-2020-9915",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264, CWE-269",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CNVD-2020-49308

Vulnerability from cnvd - Published: 2020-08-29

Title

多款Apple产品WebKit组件访问漏洞

Description

Apple Safari等都是美国苹果（Apple）公司的产品。Apple Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。多款Apple产品中的WebKit组件存在安全漏洞。攻击者可借助恶意制作的Web内容利用该漏洞绕过内容安全策略。

Severity

中

Patch Name

多款Apple产品WebKit组件访问漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT211292 https://support.apple.com/zh-cn/HT211288 https://support.apple.com/zh-cn/HT211290 https://support.apple.com/zh-cn/HT211291

Reference

https://support.apple.com/kb/HT211292

Impacted products

Name
['Apple iOS <13.6', 'Apple iPadOS <13.6', 'Apple tvOS <13.4.8', 'Apple Safari <13.1.2', 'Apple iTunes for Windows <12.10.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9915"
    }
  },
  "description": "Apple Safari\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u5236\u4f5c\u7684Web\u5185\u5bb9\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5185\u5bb9\u5b89\u5168\u7b56\u7565\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT211292\r\nhttps://support.apple.com/zh-cn/HT211288\r\nhttps://support.apple.com/zh-cn/HT211290\r\nhttps://support.apple.com/zh-cn/HT211291",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-49308",
  "openTime": "2020-08-29",
  "patchDescription": "Apple Safari\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u5236\u4f5c\u7684Web\u5185\u5bb9\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5185\u5bb9\u5b89\u5168\u7b56\u7565\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u7ec4\u4ef6\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  iOS \u003c13.6",
      "Apple iPadOS \u003c13.6",
      "Apple tvOS \u003c13.4.8",
      "Apple  Safari \u003c13.1.2",
      "Apple iTunes for Windows \u003c12.10.8"
    ]
  },
  "referenceLink": "https://support.apple.com/kb/HT211292",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-16",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u7ec4\u4ef6\u8bbf\u95ee\u6f0f\u6d1e"
}

FKIE_CVE-2020-9915

Vulnerability from fkie_nvd - Published: 2020-10-16 17:15 - Updated: 2024-11-21 05:41

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT211288	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211290	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211291	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211292	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211293	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211294	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211295	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211288	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211290	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211291	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211292	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211293	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211294	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211295	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	icloud	*
apple	itunes	*
apple	safari	*
apple	ipados	*
apple	iphone_os	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "5B3BB46F-F586-4A2B-91C6-4D3AA226B478",
              "versionEndExcluding": "7.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "354F932A-81A0-4C4F-91C0-8C76C72CC4E1",
              "versionEndExcluding": "11.3",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B626717E-0DED-4C76-B92D-D58AB27EED01",
              "versionEndExcluding": "12.10.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD59E88E-E189-4CF4-9799-CDD961BAE933",
              "versionEndExcluding": "13.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D68071-5235-4B50-90F0-B55B0C668840",
              "versionEndExcluding": "13.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0639A5DE-4A59-4F10-A0E7-F6B933E44D47",
              "versionEndExcluding": "13.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "888463CA-9C67-46B2-B197-DDD3A668F980",
              "versionEndExcluding": "13.4.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "494FA012-A268-42FC-B023-2A10817B1096",
              "versionEndExcluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
    },
    {
      "lang": "es",
      "value": "Se present\u00f3 un problema de acceso en la Pol\u00edtica de Seguridad de Contenido.\u0026#xa0;Este problema es corregido con unas restricciones de acceso mejoradas.\u0026#xa0;Este problema es corregido en iOS versi\u00f3n 13.6 y iPadOS versi\u00f3n 13.6, tvOS versi\u00f3n 13.4.8, watchOS versi\u00f3n 6.2.8, Safari versi\u00f3n 13.1.2, iTunes versi\u00f3n 12.10.8 para Windows, iCloud para Windows versi\u00f3n 11.3, iCloud para Windows versi\u00f3n 7.20.\u0026#xa0;El procesamiento de contenido web creado maliciosamente puede evitar que se aplique la Pol\u00edtica de Seguridad de Contenido"
    }
  ],
  "id": "CVE-2020-9915",
  "lastModified": "2024-11-21T05:41:31.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-16T17:15:17.057",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211288"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211290"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211291"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211292"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211293"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211294"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211295"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9P56-8H6V-343M

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-01-09 18:30

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9915"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.",
  "id": "GHSA-9p56-8h6v-343m",
  "modified": "2023-01-09T18:30:26Z",
  "published": "2022-05-24T17:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9915"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211288"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211290"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211291"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211292"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211293"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211294"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211295"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2020-9915

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9915

Aliases

CVE-2020-9915

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9915",
    "description": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.",
    "id": "GSD-2020-9915",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-9915.html",
      "https://www.debian.org/security/2020/dsa-4739",
      "https://access.redhat.com/errata/RHSA-2020:4451",
      "https://ubuntu.com/security/CVE-2020-9915",
      "https://linux.oracle.com/cve/CVE-2020-9915.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9915"
      ],
      "details": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.",
      "id": "GSD-2020-9915",
      "modified": "2023-12-13T01:21:52.704469Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-9915",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13.6 and iPadOS 13.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "tvOS 13.4.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "watchOS 6.2.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Safari",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "Safari 13.1.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iTunes for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iTunes 12.10.8 for Windows"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iCloud for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iCloud for Windows 11.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iCloud for Windows (Legacy)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iCloud for Windows 7.20"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT211288",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211288"
          },
          {
            "name": "https://support.apple.com/HT211290",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211290"
          },
          {
            "name": "https://support.apple.com/HT211291",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211291"
          },
          {
            "name": "https://support.apple.com/HT211292",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211292"
          },
          {
            "name": "https://support.apple.com/HT211293",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211293"
          },
          {
            "name": "https://support.apple.com/HT211294",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211294"
          },
          {
            "name": "https://support.apple.com/HT211295",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211295"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9915"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211288",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211288"
            },
            {
              "name": "https://support.apple.com/HT211290",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211290"
            },
            {
              "name": "https://support.apple.com/HT211291",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211291"
            },
            {
              "name": "https://support.apple.com/HT211292",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211292"
            },
            {
              "name": "https://support.apple.com/HT211293",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211293"
            },
            {
              "name": "https://support.apple.com/HT211294",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211294"
            },
            {
              "name": "https://support.apple.com/HT211295",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211295"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-09T16:41Z",
      "publishedDate": "2020-10-16T17:15Z"
    }
  }
}

OPENSUSE-SU-2020:1256-1

Vulnerability from csaf_opensuse - Published: 2020-08-24 18:19 - Updated: 2020-08-24 18:19

Summary

Security update for webkit2gtk3

Severity

Important

Notes

Title of the patch: Security update for webkit2gtk3

Description of the patch: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2020-1256

CVE-2020-9862

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9893

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9894

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9895

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9915

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9925

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64	—	Vendor Fix

Threats

Impact important

References

23 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1174662	self
https://www.suse.com/security/cve/CVE-2020-9862/	self
https://www.suse.com/security/cve/CVE-2020-9893/	self
https://www.suse.com/security/cve/CVE-2020-9894/	self
https://www.suse.com/security/cve/CVE-2020-9895/	self
https://www.suse.com/security/cve/CVE-2020-9915/	self
https://www.suse.com/security/cve/CVE-2020-9925/	self
https://www.suse.com/security/cve/CVE-2020-9862	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9893	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9894	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9895	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9915	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9925	external
https://bugzilla.suse.com/1174662	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for webkit2gtk3",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for webkit2gtk3 fixes the following issues:\n\n- Update to version 2.28.4 (bsc#1174662):\n  + Fix several crashes and rendering issues.\n  + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,\n    CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1256",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1256-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1256-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DHP5PSRB6P6HQHCNMY75J76LLTLPQEB2/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1256-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DHP5PSRB6P6HQHCNMY75J76LLTLPQEB2/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174662",
        "url": "https://bugzilla.suse.com/1174662"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9862 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9862/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9893 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9893/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9894 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9894/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9895 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9895/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9915 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9915/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9925 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9925/"
      }
    ],
    "title": "Security update for webkit2gtk3",
    "tracking": {
      "current_release_date": "2020-08-24T18:19:46Z",
      "generator": {
        "date": "2020-08-24T18:19:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1256-1",
      "initial_release_date": "2020-08-24T18:19:46Z",
      "revision_history": [
        {
          "date": "2020-08-24T18:19:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
                  "product_id": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
                  "product_id": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
                  "product_id": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
                  "product_id": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
                  "product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
                  "product_id": "webkit-jsc-4-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
                  "product_id": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
                  "product_id": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
                "product": {
                  "name": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
                  "product_id": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
                "product": {
                  "name": "libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
                  "product_id": "libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64",
                "product": {
                  "name": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64",
                  "product_id": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch"
        },
        "product_reference": "libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit-jsc-4-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586"
        },
        "product_reference": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
        },
        "product_reference": "webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-9862",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9862"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9862",
          "url": "https://www.suse.com/security/cve/CVE-2020-9862"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9862",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-24T18:19:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9862"
    },
    {
      "cve": "CVE-2020-9893",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9893"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9893",
          "url": "https://www.suse.com/security/cve/CVE-2020-9893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9893",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-24T18:19:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9893"
    },
    {
      "cve": "CVE-2020-9894",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9894"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9894",
          "url": "https://www.suse.com/security/cve/CVE-2020-9894"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9894",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-24T18:19:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9894"
    },
    {
      "cve": "CVE-2020-9895",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9895"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9895",
          "url": "https://www.suse.com/security/cve/CVE-2020-9895"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9895",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-24T18:19:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9895"
    },
    {
      "cve": "CVE-2020-9915",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9915"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9915",
          "url": "https://www.suse.com/security/cve/CVE-2020-9915"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9915",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-24T18:19:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9915"
    },
    {
      "cve": "CVE-2020-9925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
          "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9925",
          "url": "https://www.suse.com/security/cve/CVE-2020-9925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9925",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.4-lp151.2.24.3.noarch",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit-jsc-4-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-devel-2.28.4-lp151.2.24.3.x86_64",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.i586",
            "openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-24T18:19:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9925"
    }
  ]
}

OPENSUSE-SU-2020:1275-1

Vulnerability from csaf_opensuse - Published: 2020-08-27 16:22 - Updated: 2020-08-27 16:22

Summary

Security update for webkit2gtk3

Severity

Important

Notes

Title of the patch: Security update for webkit2gtk3

Patchnames: openSUSE-2020-1275

CVE-2020-9862

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9893

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9894

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9895

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9915

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-9925

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64	—	Vendor Fix

Threats

Impact important

References

23 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1174662	self
https://www.suse.com/security/cve/CVE-2020-9862/	self
https://www.suse.com/security/cve/CVE-2020-9893/	self
https://www.suse.com/security/cve/CVE-2020-9894/	self
https://www.suse.com/security/cve/CVE-2020-9895/	self
https://www.suse.com/security/cve/CVE-2020-9915/	self
https://www.suse.com/security/cve/CVE-2020-9925/	self
https://www.suse.com/security/cve/CVE-2020-9862	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9893	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9894	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9895	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9915	external
https://bugzilla.suse.com/1174662	external
https://www.suse.com/security/cve/CVE-2020-9925	external
https://bugzilla.suse.com/1174662	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for webkit2gtk3",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for webkit2gtk3 fixes the following issues:\n\n- Update to version 2.28.4 (bsc#1174662):\n  + Fix several crashes and rendering issues.\n  + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,\n    CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1275",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1275-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1275-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HSYHJSOAT52BOF2K6K3RLYFHUAZSWXXJ/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1275-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HSYHJSOAT52BOF2K6K3RLYFHUAZSWXXJ/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174662",
        "url": "https://bugzilla.suse.com/1174662"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9862 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9862/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9893 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9893/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9894 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9894/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9895 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9895/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9915 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9915/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-9925 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-9925/"
      }
    ],
    "title": "Security update for webkit2gtk3",
    "tracking": {
      "current_release_date": "2020-08-27T16:22:43Z",
      "generator": {
        "date": "2020-08-27T16:22:43Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1275-1",
      "initial_release_date": "2020-08-27T16:22:43Z",
      "revision_history": [
        {
          "date": "2020-08-27T16:22:43Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
                  "product_id": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
                  "product_id": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
                  "product_id": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
                  "product_id": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
                  "product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
                  "product_id": "webkit-jsc-4-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
                  "product_id": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
                  "product_id": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
                "product": {
                  "name": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
                  "product_id": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
                "product": {
                  "name": "libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
                  "product_id": "libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64",
                "product": {
                  "name": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64",
                  "product_id": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch"
        },
        "product_reference": "libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit-jsc-4-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586"
        },
        "product_reference": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
        },
        "product_reference": "webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-9862",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9862"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9862",
          "url": "https://www.suse.com/security/cve/CVE-2020-9862"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9862",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-27T16:22:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9862"
    },
    {
      "cve": "CVE-2020-9893",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9893"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9893",
          "url": "https://www.suse.com/security/cve/CVE-2020-9893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9893",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-27T16:22:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9893"
    },
    {
      "cve": "CVE-2020-9894",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9894"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9894",
          "url": "https://www.suse.com/security/cve/CVE-2020-9894"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9894",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-27T16:22:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9894"
    },
    {
      "cve": "CVE-2020-9895",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9895"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9895",
          "url": "https://www.suse.com/security/cve/CVE-2020-9895"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9895",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-27T16:22:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9895"
    },
    {
      "cve": "CVE-2020-9915",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9915"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9915",
          "url": "https://www.suse.com/security/cve/CVE-2020-9915"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9915",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-27T16:22:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9915"
    },
    {
      "cve": "CVE-2020-9925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-9925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
          "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-9925",
          "url": "https://www.suse.com/security/cve/CVE-2020-9925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174662 for CVE-2020-9925",
          "url": "https://bugzilla.suse.com/1174662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.28.4-lp152.2.4.3.noarch",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit-jsc-4-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-devel-2.28.4-lp152.2.4.3.x86_64",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.i586",
            "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-27T16:22:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-9925"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9915 (GCVE-0-2020-9915)

Solution

Solution

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature