Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-1844 (GCVE-0-2021-1844)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:07 – Updated: 2024-08-03 16:25
VLAI?
EPSS
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT212220 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212221 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212222 | x_refsource_MISC |
| https://support.apple.com/en-us/HT212223 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.apple.com/kb/HT212323 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2021/Apr/55 | mailing-listx_refsource_FULLDISC |
| https://www.debian.org/security/2021/dsa-4923 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:25:05.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212220"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212221"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212223"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212323"
},
{
"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
},
{
"name": "DSA-4923",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-30T23:06:11.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212220"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212221"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212223"
},
{
"name": "FEDORA-2021-864dc37032",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212323"
},
{
"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
},
{
"name": "DSA-4923",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212220",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212220"
},
{
"name": "https://support.apple.com/en-us/HT212221",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212221"
},
{
"name": "https://support.apple.com/en-us/HT212222",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212222"
},
{
"name": "https://support.apple.com/en-us/HT212223",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212223"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "https://support.apple.com/kb/HT212323",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212323"
},
{
"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
},
{
"name": "DSA-4923",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-1844",
"datePublished": "2021-04-02T18:07:12.000Z",
"dateReserved": "2020-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:25:05.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-1844",
"date": "2026-05-22",
"epss": "0.014",
"percentile": "0.80657"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.0.3\", \"matchCriteriaId\": \"B785B3FD-A576-4AF5-8500-D1D08D0F4910\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.4.1\", \"matchCriteriaId\": \"86ABF921-40E8-4E64-A660-FD701FF3A28B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.4.1\", \"matchCriteriaId\": \"178AE56C-9561-4750-9956-7CCC4E9F0590\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.2.3\", \"matchCriteriaId\": \"C186CD0A-4A01-481B-A2C4-0B1662BB79BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.5\", \"matchCriteriaId\": \"D5B77841-F161-47AB-8043-3E0346E3AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.3.2\", \"matchCriteriaId\": \"8E57CE62-4568-4B9C-ADC1-E9E03FAF8998\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema de corrupci\\u00f3n de memoria con una comprobaci\\u00f3n mejorada.\u0026#xa0;Este problema es corregido en iOS versi\\u00f3n 14.4.1 y iPadOS versi\\u00f3n 14.4.1, Safari versi\\u00f3n 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versi\\u00f3n 7.3.2, macOS Big Sur versi\\u00f3n 11.2.3.\u0026#xa0;El procesamiento de contenido web dise\\u00f1ado malicioso puede conllevar a una ejecuci\\u00f3n de c\\u00f3digo arbitraria.\"}]",
"id": "CVE-2021-1844",
"lastModified": "2024-11-21T05:45:13.127",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-04-02T19:15:20.477",
"references": "[{\"url\": \"http://seclists.org/fulldisclosure/2021/Apr/55\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/en-us/HT212220\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212221\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212222\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212223\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212323\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4923\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2021/Apr/55\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/en-us/HT212220\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212222\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212223\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212323\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-1844\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-04-02T19:15:20.477\",\"lastModified\":\"2024-11-21T05:45:13.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una comprobaci\u00f3n mejorada.\u0026#xa0;Este problema es corregido en iOS versi\u00f3n 14.4.1 y iPadOS versi\u00f3n 14.4.1, Safari versi\u00f3n 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versi\u00f3n 7.3.2, macOS Big Sur versi\u00f3n 11.2.3.\u0026#xa0;El procesamiento de contenido web dise\u00f1ado malicioso puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.0.3\",\"matchCriteriaId\":\"B785B3FD-A576-4AF5-8500-D1D08D0F4910\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4.1\",\"matchCriteriaId\":\"86ABF921-40E8-4E64-A660-FD701FF3A28B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4.1\",\"matchCriteriaId\":\"178AE56C-9561-4750-9956-7CCC4E9F0590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.3\",\"matchCriteriaId\":\"C186CD0A-4A01-481B-A2C4-0B1662BB79BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.5\",\"matchCriteriaId\":\"D5B77841-F161-47AB-8043-3E0346E3AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"8E57CE62-4568-4B9C-ADC1-E9E03FAF8998\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Apr/55\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212220\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212221\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212222\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212223\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212323\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4923\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Apr/55\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-173
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Safari versions ant\u00e9rieures \u00e0 14.0.3 avec le dernier correctif",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 14.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 14.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1844",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1844"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-173",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212220 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212220"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212222 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212223 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212223"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212221 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212221"
}
]
}
CERTFR-2021-AVI-314
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | Safari | Safari versions antérieures à 14.1 | ||
| Apple | macOS | macOS Mojave sans le correctif de sécurité 2021-003 | ||
| Apple | N/A | tvOS versions antérieures à 14.5 | ||
| Apple | macOS | macOS Big Sur versions antérieures à 11.3 | ||
| Apple | N/A | iTunes versions antérieures à 12.11.3 sur Windows | ||
| Apple | N/A | watchOS versions antérieures à 7.4 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 12.3 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 14.5 | ||
| Apple | macOS | macOS Catalina sans le correctif de sécurité 2021-002 | ||
| Apple | N/A | Xcode versions antérieures à 12.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Safari versions ant\u00e9rieures \u00e0 14.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-003",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 14.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.11.3 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 12.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 14.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-002",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 12.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1815"
},
{
"name": "CVE-2021-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1835"
},
{
"name": "CVE-2021-1853",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1853"
},
{
"name": "CVE-2021-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1784"
},
{
"name": "CVE-2020-3838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3838"
},
{
"name": "CVE-2021-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1855"
},
{
"name": "CVE-2021-1831",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1831"
},
{
"name": "CVE-2021-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1839"
},
{
"name": "CVE-2021-1857",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1857"
},
{
"name": "CVE-2021-1847",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1847"
},
{
"name": "CVE-2021-1877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1877"
},
{
"name": "CVE-2021-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1829"
},
{
"name": "CVE-2021-1854",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1854"
},
{
"name": "CVE-2021-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1861"
},
{
"name": "CVE-2021-1830",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1830"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-30657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30657"
},
{
"name": "CVE-2021-1828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1828"
},
{
"name": "CVE-2021-1811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1811"
},
{
"name": "CVE-2021-1844",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1844"
},
{
"name": "CVE-2021-1820",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1820"
},
{
"name": "CVE-2020-8037",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
},
{
"name": "CVE-2021-30655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30655"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2021-1810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1810"
},
{
"name": "CVE-2021-1880",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1880"
},
{
"name": "CVE-2021-1884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1884"
},
{
"name": "CVE-2021-1852",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1852"
},
{
"name": "CVE-2021-1813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1813"
},
{
"name": "CVE-2021-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1837"
},
{
"name": "CVE-2021-1875",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1875"
},
{
"name": "CVE-2021-1860",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1860"
},
{
"name": "CVE-2021-1826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1826"
},
{
"name": "CVE-2021-1797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
},
{
"name": "CVE-2021-1851",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1851"
},
{
"name": "CVE-2021-1817",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1817"
},
{
"name": "CVE-2021-21300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21300"
},
{
"name": "CVE-2021-1814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1814"
},
{
"name": "CVE-2021-1865",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1865"
},
{
"name": "CVE-2021-1825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1825"
},
{
"name": "CVE-2021-1822",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1822"
},
{
"name": "CVE-2021-30661",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
},
{
"name": "CVE-2021-1872",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1872"
},
{
"name": "CVE-2021-1816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1816"
},
{
"name": "CVE-2021-1843",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1843"
},
{
"name": "CVE-2021-1868",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1868"
},
{
"name": "CVE-2021-30658",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30658"
},
{
"name": "CVE-2021-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1836"
},
{
"name": "CVE-2021-1739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1739"
},
{
"name": "CVE-2021-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1864"
},
{
"name": "CVE-2021-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1840"
},
{
"name": "CVE-2021-1874",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1874"
},
{
"name": "CVE-2021-1808",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1808"
},
{
"name": "CVE-2021-1832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1832"
},
{
"name": "CVE-2021-1882",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1882"
},
{
"name": "CVE-2021-1883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1883"
},
{
"name": "CVE-2021-1881",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1881"
},
{
"name": "CVE-2021-1876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1876"
},
{
"name": "CVE-2021-1878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1878"
},
{
"name": "CVE-2021-1809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1809"
},
{
"name": "CVE-2021-30656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30656"
},
{
"name": "CVE-2021-1873",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1873"
},
{
"name": "CVE-2021-1846",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1846"
},
{
"name": "CVE-2021-1885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1885"
},
{
"name": "CVE-2021-1841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1841"
},
{
"name": "CVE-2021-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1740"
},
{
"name": "CVE-2021-30653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30653"
},
{
"name": "CVE-2021-1867",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1867"
},
{
"name": "CVE-2021-1806",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1806"
},
{
"name": "CVE-2021-1858",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1858"
},
{
"name": "CVE-2021-1859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1859"
},
{
"name": "CVE-2021-30660",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30660"
},
{
"name": "CVE-2021-30652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30652"
},
{
"name": "CVE-2021-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1848"
},
{
"name": "CVE-2020-7463",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7463"
},
{
"name": "CVE-2020-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27942"
},
{
"name": "CVE-2021-1824",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1824"
},
{
"name": "CVE-2021-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1834"
},
{
"name": "CVE-2021-1849",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1849"
},
{
"name": "CVE-2021-1805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1805"
},
{
"name": "CVE-2021-1807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1807"
},
{
"name": "CVE-2021-30659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30659"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-314",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212325 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212325"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212327 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212327"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212317 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212317"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212318 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212318"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212324 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212324"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212326 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212326"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212319 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212319"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212323 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212323"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212320 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212320"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212321 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212321"
}
]
}
CERTFR-2021-AVI-173
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Safari versions ant\u00e9rieures \u00e0 14.0.3 avec le dernier correctif",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 14.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 14.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1844",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1844"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-173",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Apple. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212220 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212220"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212222 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212223 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212223"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212221 du 08 mars 2021",
"url": "https://support.apple.com/fr-fr/HT212221"
}
]
}
CERTFR-2021-AVI-314
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | Safari | Safari versions antérieures à 14.1 | ||
| Apple | macOS | macOS Mojave sans le correctif de sécurité 2021-003 | ||
| Apple | N/A | tvOS versions antérieures à 14.5 | ||
| Apple | macOS | macOS Big Sur versions antérieures à 11.3 | ||
| Apple | N/A | iTunes versions antérieures à 12.11.3 sur Windows | ||
| Apple | N/A | watchOS versions antérieures à 7.4 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 12.3 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 14.5 | ||
| Apple | macOS | macOS Catalina sans le correctif de sécurité 2021-002 | ||
| Apple | N/A | Xcode versions antérieures à 12.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Safari versions ant\u00e9rieures \u00e0 14.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-003",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 14.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.11.3 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 12.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 14.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-002",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 12.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1815"
},
{
"name": "CVE-2021-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1835"
},
{
"name": "CVE-2021-1853",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1853"
},
{
"name": "CVE-2021-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1784"
},
{
"name": "CVE-2020-3838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3838"
},
{
"name": "CVE-2021-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1855"
},
{
"name": "CVE-2021-1831",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1831"
},
{
"name": "CVE-2021-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1839"
},
{
"name": "CVE-2021-1857",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1857"
},
{
"name": "CVE-2021-1847",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1847"
},
{
"name": "CVE-2021-1877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1877"
},
{
"name": "CVE-2021-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1829"
},
{
"name": "CVE-2021-1854",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1854"
},
{
"name": "CVE-2021-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1861"
},
{
"name": "CVE-2021-1830",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1830"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-30657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30657"
},
{
"name": "CVE-2021-1828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1828"
},
{
"name": "CVE-2021-1811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1811"
},
{
"name": "CVE-2021-1844",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1844"
},
{
"name": "CVE-2021-1820",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1820"
},
{
"name": "CVE-2020-8037",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
},
{
"name": "CVE-2021-30655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30655"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2021-1810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1810"
},
{
"name": "CVE-2021-1880",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1880"
},
{
"name": "CVE-2021-1884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1884"
},
{
"name": "CVE-2021-1852",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1852"
},
{
"name": "CVE-2021-1813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1813"
},
{
"name": "CVE-2021-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1837"
},
{
"name": "CVE-2021-1875",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1875"
},
{
"name": "CVE-2021-1860",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1860"
},
{
"name": "CVE-2021-1826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1826"
},
{
"name": "CVE-2021-1797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
},
{
"name": "CVE-2021-1851",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1851"
},
{
"name": "CVE-2021-1817",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1817"
},
{
"name": "CVE-2021-21300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21300"
},
{
"name": "CVE-2021-1814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1814"
},
{
"name": "CVE-2021-1865",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1865"
},
{
"name": "CVE-2021-1825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1825"
},
{
"name": "CVE-2021-1822",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1822"
},
{
"name": "CVE-2021-30661",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
},
{
"name": "CVE-2021-1872",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1872"
},
{
"name": "CVE-2021-1816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1816"
},
{
"name": "CVE-2021-1843",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1843"
},
{
"name": "CVE-2021-1868",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1868"
},
{
"name": "CVE-2021-30658",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30658"
},
{
"name": "CVE-2021-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1836"
},
{
"name": "CVE-2021-1739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1739"
},
{
"name": "CVE-2021-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1864"
},
{
"name": "CVE-2021-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1840"
},
{
"name": "CVE-2021-1874",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1874"
},
{
"name": "CVE-2021-1808",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1808"
},
{
"name": "CVE-2021-1832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1832"
},
{
"name": "CVE-2021-1882",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1882"
},
{
"name": "CVE-2021-1883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1883"
},
{
"name": "CVE-2021-1881",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1881"
},
{
"name": "CVE-2021-1876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1876"
},
{
"name": "CVE-2021-1878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1878"
},
{
"name": "CVE-2021-1809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1809"
},
{
"name": "CVE-2021-30656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30656"
},
{
"name": "CVE-2021-1873",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1873"
},
{
"name": "CVE-2021-1846",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1846"
},
{
"name": "CVE-2021-1885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1885"
},
{
"name": "CVE-2021-1841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1841"
},
{
"name": "CVE-2021-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1740"
},
{
"name": "CVE-2021-30653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30653"
},
{
"name": "CVE-2021-1867",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1867"
},
{
"name": "CVE-2021-1806",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1806"
},
{
"name": "CVE-2021-1858",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1858"
},
{
"name": "CVE-2021-1859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1859"
},
{
"name": "CVE-2021-30660",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30660"
},
{
"name": "CVE-2021-30652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30652"
},
{
"name": "CVE-2021-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1848"
},
{
"name": "CVE-2020-7463",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7463"
},
{
"name": "CVE-2020-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27942"
},
{
"name": "CVE-2021-1824",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1824"
},
{
"name": "CVE-2021-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1834"
},
{
"name": "CVE-2021-1849",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1849"
},
{
"name": "CVE-2021-1805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1805"
},
{
"name": "CVE-2021-1807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1807"
},
{
"name": "CVE-2021-30659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30659"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-314",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212325 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212325"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212327 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212327"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212317 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212317"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212318 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212318"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212324 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212324"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212326 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212326"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212319 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212319"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212323 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212323"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212320 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212320"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212321 du 26 avril 2021",
"url": "https://support.apple.com/fr-fr/HT212321"
}
]
}
alsa-2021:4381
Vulnerability from osv_almalinux
Published
2021-11-09 09:15
Modified
2021-11-12 10:21
Summary
Moderate: GNOME security, bug fix, and enhancement update
Details
GNOME is the default desktop environment of AlmaLinux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
-
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
-
LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
-
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
-
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
-
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
-
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
-
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
-
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
-
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
-
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
-
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
-
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
-
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
-
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
-
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
-
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
-
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "LibRaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "LibRaw-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gdm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:40.0-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-autoar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-calculator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-classic-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-control-center"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-28.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-control-center-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-28.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-online-accounts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-online-accounts-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-kiosk-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-wayland-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-session-xsession"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-13.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-settings-daemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-16.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-40.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-apps-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-auto-move-windows"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-dash-to-dock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-desktop-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-disable-screenshield"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-drive-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-gesture-inhibitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-horizontal-workspaces"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-launch-new-instance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-native-window-placement"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-no-hot-corner"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-panel-favorites"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-places-menu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-screenshot-window-sizer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-systemMonitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-top-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-updates-dialog"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-user-theme"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-window-grouper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-window-list"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-windowsNavigator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-shell-extension-workspace-indicator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.1-20.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-software"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.36.1-10.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-software-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.36.1-10.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gsettings-desktop-schemas"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gsettings-desktop-schemas-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk-update-icon-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk3-immodule-xim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.30-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mutter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-60.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mutter-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-60.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vino"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.3-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GNOME is the default desktop environment of AlmaLinux.\n\nThe following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)\n\n* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)\n\n* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)\n\n* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)\n\n* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)\n\n* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4381",
"modified": "2021-11-12T10:21:01Z",
"published": "2021-11-09T09:15:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4381.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-13558"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-24870"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27918"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-29623"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36241"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1765"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1788"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1789"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1799"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1801"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1844"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1870"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1871"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21775"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21779"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21806"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-28650"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30663"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30665"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30682"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30689"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30720"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30734"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30744"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30749"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30758"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30795"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30797"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30799"
}
],
"related": [
"CVE-2020-13558",
"CVE-2020-24870",
"CVE-2020-27918",
"CVE-2021-1765",
"CVE-2021-1788",
"CVE-2021-1789",
"CVE-2021-1799",
"CVE-2021-1801",
"CVE-2021-1844",
"CVE-2021-1870",
"CVE-2021-1871",
"CVE-2021-21775",
"CVE-2021-21779",
"CVE-2021-21806",
"CVE-2021-30663",
"CVE-2021-30665",
"CVE-2021-30682",
"CVE-2021-30689",
"CVE-2021-30720",
"CVE-2021-30734",
"CVE-2021-30744",
"CVE-2021-30749",
"CVE-2021-30758",
"CVE-2021-30795",
"CVE-2021-30797",
"CVE-2021-30799",
"CVE-2020-29623",
"CVE-2020-36241",
"CVE-2020-36241",
"CVE-2021-28650"
],
"summary": "Moderate: GNOME security, bug fix, and enhancement update"
}
BDU:2021-01941
Vulnerability from fstec - Published: 08.03.2021
VLAI Severity ?
Title
Уязвимость модуля отображения веб-страниц WebKitGTK браузера Apple Safari, связанная с недостаточной проверкой входных данных веб-контента, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость модуля отображения веб-страниц WebKitGTK браузера Apple Safari связана с недостаточной проверкой входных данных веб-контента. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью специально созданной вредоносной веб-страницы
Severity ?
Vendor
Red Hat Inc., Fedora Project, Сообщество свободного программного обеспечения, Apple Inc., АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Fedora, WebKitGTK, iOS, iPadOS, MacOS, watchOS, Safari, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
8 (Red Hat Enterprise Linux), 33 (Fedora), до 2.32.0 (WebKitGTK), до 14.4 (iOS), до 14.4 (iPadOS), Big Sur до 11.2 (MacOS), до 7.3.2 (watchOS), до 14.0.3 (Safari), до 2.1 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для WebKitGTK:
https://webkitgtk.org/security/WSA-2021-0003.html
Для программных продуктов Apple:
https://support.apple.com/en-us/HT212220
https://support.apple.com/en-us/HT212221
https://support.apple.com/en-us/HT212222
https://support.apple.com/en-us/HT212223
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Для программных продуктов Red Hat:
https://access.redhat.com/security/cve/cve-2021-1844
Для ОСОН Основа:
Обновление программного обеспечения webkit2gtk до версии 2.32.3-1~deb10u1
Reference
https://webkitgtk.org/security/WSA-2021-0003.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://support.apple.com/en-us/HT212220
https://support.apple.com/en-us/HT212221
https://support.apple.com/en-us/HT212222
https://support.apple.com/en-us/HT212223
https://www.securitylab.ru/vulnerability/517217.php
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
https://access.redhat.com/security/cve/cve-2021-1844
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
CWE
CWE-20, CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Fedora Project, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Apple Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 33 (Fedora), \u0434\u043e 2.32.0 (WebKitGTK), \u0434\u043e 14.4 (iOS), \u0434\u043e 14.4 (iPadOS), Big Sur \u0434\u043e 11.2 (MacOS), \u0434\u043e 7.3.2 (watchOS), \u0434\u043e 14.0.3 (Safari), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f WebKitGTK:\nhttps://webkitgtk.org/security/WSA-2021-0003.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple:\nhttps://support.apple.com/en-us/HT212220 \nhttps://support.apple.com/en-us/HT212221 \nhttps://support.apple.com/en-us/HT212222 \nhttps://support.apple.com/en-us/HT212223\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ \n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat:\nhttps://access.redhat.com/security/cve/cve-2021-1844\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.32.3-1~deb10u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.04.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01941",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-1844",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Fedora, WebKitGTK, iOS, iPadOS, MacOS, watchOS, Safari, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Fedora Project Fedora 33 , Apple Inc. iOS \u0434\u043e 14.4 , Apple Inc. iPadOS \u0434\u043e 14.4 , Apple Inc. MacOS Big Sur \u0434\u043e 11.2 , Apple Inc. watchOS \u0434\u043e 7.3.2 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Apple Safari, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Apple Safari \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://webkitgtk.org/security/WSA-2021-0003.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ \nhttps://support.apple.com/en-us/HT212220 \nhttps://support.apple.com/en-us/HT212221 \nhttps://support.apple.com/en-us/HT212222 \nhttps://support.apple.com/en-us/HT212223\nhttps://www.securitylab.ru/vulnerability/517217.php\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-1871\nhttps://access.redhat.com/security/cve/cve-2021-1844\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2021-1844
Vulnerability from fkie_nvd - Published: 2021-04-02 19:15 - Updated: 2024-11-21 05:45
Severity ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://seclists.org/fulldisclosure/2021/Apr/55 | Mailing List, Third Party Advisory | |
| product-security@apple.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ | ||
| product-security@apple.com | https://support.apple.com/en-us/HT212220 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT212221 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT212222 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT212223 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/kb/HT212323 | Vendor Advisory | |
| product-security@apple.com | https://www.debian.org/security/2021/dsa-4923 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Apr/55 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT212220 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT212221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT212222 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT212223 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT212323 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4923 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B785B3FD-A576-4AF5-8500-D1D08D0F4910",
"versionEndExcluding": "14.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86ABF921-40E8-4E64-A660-FD701FF3A28B",
"versionEndExcluding": "14.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "178AE56C-9561-4750-9956-7CCC4E9F0590",
"versionEndExcluding": "14.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C186CD0A-4A01-481B-A2C4-0B1662BB79BB",
"versionEndExcluding": "11.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B77841-F161-47AB-8043-3E0346E3AA25",
"versionEndExcluding": "14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E57CE62-4568-4B9C-ADC1-E9E03FAF8998",
"versionEndExcluding": "7.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una comprobaci\u00f3n mejorada.\u0026#xa0;Este problema es corregido en iOS versi\u00f3n 14.4.1 y iPadOS versi\u00f3n 14.4.1, Safari versi\u00f3n 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versi\u00f3n 7.3.2, macOS Big Sur versi\u00f3n 11.2.3.\u0026#xa0;El procesamiento de contenido web dise\u00f1ado malicioso puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria."
}
],
"id": "CVE-2021-1844",
"lastModified": "2024-11-21T05:45:13.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-02T19:15:20.477",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212220"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212221"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212222"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212223"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212323"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4923"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-7J8F-PRMH-229C
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI?
Details
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2021-1844"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T19:15:00Z",
"severity": "HIGH"
},
"details": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-7j8f-prmh-229c",
"modified": "2022-05-24T17:46:23Z",
"published": "2022-05-24T17:46:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1844"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212220"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212221"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212222"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212223"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212323"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4923"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2021-1844
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-1844",
"description": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GSD-2021-1844",
"references": [
"https://www.suse.com/security/cve/CVE-2021-1844.html",
"https://www.debian.org/security/2021/dsa-4923",
"https://access.redhat.com/errata/RHSA-2021:4381",
"https://ubuntu.com/security/CVE-2021-1844",
"https://advisories.mageia.org/CVE-2021-1844.html",
"https://security.archlinux.org/CVE-2021-1844",
"https://linux.oracle.com/cve/CVE-2021-1844.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-1844"
],
"details": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GSD-2021-1844",
"modified": "2023-12-13T01:23:23.781056Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "14.0"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212220",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212220"
},
{
"name": "https://support.apple.com/en-us/HT212221",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212221"
},
{
"name": "https://support.apple.com/en-us/HT212222",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212222"
},
{
"name": "https://support.apple.com/en-us/HT212223",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212223"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "https://support.apple.com/kb/HT212323",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212323"
},
{
"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
},
{
"name": "DSA-4923",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4923"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-1844"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212222",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212222"
},
{
"name": "https://support.apple.com/en-us/HT212223",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212223"
},
{
"name": "https://support.apple.com/en-us/HT212220",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212220"
},
{
"name": "https://support.apple.com/en-us/HT212221",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212221"
},
{
"name": "FEDORA-2021-864dc37032",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"
},
{
"name": "https://support.apple.com/kb/HT212323",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212323"
},
{
"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/55"
},
{
"name": "DSA-4923",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4923"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-01-09T16:41Z",
"publishedDate": "2021-04-02T19:15Z"
}
}
}
OPENSUSE-SU-2021:0637-1
Vulnerability from csaf_opensuse - Published: 2021-04-30 19:23 - Updated: 2021-04-30 19:23Summary
Security update for webkit2gtk3
Severity
Important
Notes
Title of the patch: Security update for webkit2gtk3
Description of the patch: This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.0 (bsc#1184155):
* Fix the authentication request port when URL omits the port.
* Fix iframe scrolling when main frame is scrolled in async
* scrolling mode.
* Stop using g_memdup.
* Show a warning message when overriding signal handler for
* threading suspension.
* Fix the build on RISC-V with GCC 11.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
- Update in version 2.30.6 (bsc#1184262):
* Update user agent quirks again for Google Docs and Google Drive.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765
CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
- Update _constraints for armv6/armv7 (bsc#1182719)
- restore NPAPI plugin support which was removed in 2.32.0
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2021-637
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
37 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1182719 | self |
| https://bugzilla.suse.com/1184155 | self |
| https://bugzilla.suse.com/1184262 | self |
| https://www.suse.com/security/cve/CVE-2020-27918/ | self |
| https://www.suse.com/security/cve/CVE-2020-29623/ | self |
| https://www.suse.com/security/cve/CVE-2021-1765/ | self |
| https://www.suse.com/security/cve/CVE-2021-1788/ | self |
| https://www.suse.com/security/cve/CVE-2021-1789/ | self |
| https://www.suse.com/security/cve/CVE-2021-1799/ | self |
| https://www.suse.com/security/cve/CVE-2021-1801/ | self |
| https://www.suse.com/security/cve/CVE-2021-1844/ | self |
| https://www.suse.com/security/cve/CVE-2021-1870/ | self |
| https://www.suse.com/security/cve/CVE-2021-1871/ | self |
| https://www.suse.com/security/cve/CVE-2020-27918 | external |
| https://bugzilla.suse.com/1184262 | external |
| https://www.suse.com/security/cve/CVE-2020-29623 | external |
| https://bugzilla.suse.com/1184262 | external |
| https://www.suse.com/security/cve/CVE-2021-1765 | external |
| https://bugzilla.suse.com/1184262 | external |
| https://www.suse.com/security/cve/CVE-2021-1788 | external |
| https://bugzilla.suse.com/1184155 | external |
| https://www.suse.com/security/cve/CVE-2021-1789 | external |
| https://bugzilla.suse.com/1184262 | external |
| https://www.suse.com/security/cve/CVE-2021-1799 | external |
| https://bugzilla.suse.com/1184262 | external |
| https://www.suse.com/security/cve/CVE-2021-1801 | external |
| https://bugzilla.suse.com/1184262 | external |
| https://www.suse.com/security/cve/CVE-2021-1844 | external |
| https://bugzilla.suse.com/1184155 | external |
| https://www.suse.com/security/cve/CVE-2021-1870 | external |
| https://bugzilla.suse.com/1184262 | external |
| https://www.suse.com/security/cve/CVE-2021-1871 | external |
| https://bugzilla.suse.com/1184155 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for webkit2gtk3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for webkit2gtk3 fixes the following issues:\n\n- Update to version 2.32.0 (bsc#1184155):\n * Fix the authentication request port when URL omits the port.\n * Fix iframe scrolling when main frame is scrolled in async\n * scrolling mode.\n * Stop using g_memdup.\n * Show a warning message when overriding signal handler for\n * threading suspension.\n * Fix the build on RISC-V with GCC 11.\n * Fix several crashes and rendering issues.\n * Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871\n- Update in version 2.30.6 (bsc#1184262):\n * Update user agent quirks again for Google Docs and Google Drive.\n * Fix several crashes and rendering issues.\n * Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765\n CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.\n- Update _constraints for armv6/armv7 (bsc#1182719)\n- restore NPAPI plugin support which was removed in 2.32.0\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-637",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0637-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0637-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0637-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/"
},
{
"category": "self",
"summary": "SUSE Bug 1182719",
"url": "https://bugzilla.suse.com/1182719"
},
{
"category": "self",
"summary": "SUSE Bug 1184155",
"url": "https://bugzilla.suse.com/1184155"
},
{
"category": "self",
"summary": "SUSE Bug 1184262",
"url": "https://bugzilla.suse.com/1184262"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29623 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1765 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1788 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1789 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1799 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1801 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1844 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1870 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-1871 page",
"url": "https://www.suse.com/security/cve/CVE-2021-1871/"
}
],
"title": "Security update for webkit2gtk3",
"tracking": {
"current_release_date": "2021-04-30T19:23:01Z",
"generator": {
"date": "2021-04-30T19:23:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0637-1",
"initial_release_date": "2021-04-30T19:23:01Z",
"revision_history": [
{
"date": "2021-04-30T19:23:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"product_id": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"product_id": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"product_id": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"product_id": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"product_id": "webkit-jsc-4-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"product_id": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"product_id": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"product": {
"name": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"product_id": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"product": {
"name": "libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"product_id": "libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"product_id": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"product_id": "libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"product_id": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"product_id": "libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"product_id": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"product_id": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"product_id": "webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"product_id": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"product_id": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64",
"product": {
"name": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64",
"product_id": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch"
},
"product_reference": "libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit-jsc-4-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586"
},
"product_reference": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
},
"product_reference": "webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27918"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27918",
"url": "https://www.suse.com/security/cve/CVE-2020-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1184262 for CVE-2020-27918",
"url": "https://bugzilla.suse.com/1184262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "important"
}
],
"title": "CVE-2020-27918"
},
{
"cve": "CVE-2020-29623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29623"
}
],
"notes": [
{
"category": "general",
"text": "\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29623",
"url": "https://www.suse.com/security/cve/CVE-2020-29623"
},
{
"category": "external",
"summary": "SUSE Bug 1184262 for CVE-2020-29623",
"url": "https://bugzilla.suse.com/1184262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "important"
}
],
"title": "CVE-2020-29623"
},
{
"cve": "CVE-2021-1765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1765"
}
],
"notes": [
{
"category": "general",
"text": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1765",
"url": "https://www.suse.com/security/cve/CVE-2021-1765"
},
{
"category": "external",
"summary": "SUSE Bug 1184262 for CVE-2021-1765",
"url": "https://bugzilla.suse.com/1184262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1765"
},
{
"cve": "CVE-2021-1788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1788"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1788",
"url": "https://www.suse.com/security/cve/CVE-2021-1788"
},
{
"category": "external",
"summary": "SUSE Bug 1184155 for CVE-2021-1788",
"url": "https://bugzilla.suse.com/1184155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1788"
},
{
"cve": "CVE-2021-1789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1789"
}
],
"notes": [
{
"category": "general",
"text": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1789",
"url": "https://www.suse.com/security/cve/CVE-2021-1789"
},
{
"category": "external",
"summary": "SUSE Bug 1184262 for CVE-2021-1789",
"url": "https://bugzilla.suse.com/1184262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1789"
},
{
"cve": "CVE-2021-1799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1799"
}
],
"notes": [
{
"category": "general",
"text": "A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1799",
"url": "https://www.suse.com/security/cve/CVE-2021-1799"
},
{
"category": "external",
"summary": "SUSE Bug 1184262 for CVE-2021-1799",
"url": "https://bugzilla.suse.com/1184262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1799"
},
{
"cve": "CVE-2021-1801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1801"
}
],
"notes": [
{
"category": "general",
"text": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1801",
"url": "https://www.suse.com/security/cve/CVE-2021-1801"
},
{
"category": "external",
"summary": "SUSE Bug 1184262 for CVE-2021-1801",
"url": "https://bugzilla.suse.com/1184262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1801"
},
{
"cve": "CVE-2021-1844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1844"
}
],
"notes": [
{
"category": "general",
"text": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1844",
"url": "https://www.suse.com/security/cve/CVE-2021-1844"
},
{
"category": "external",
"summary": "SUSE Bug 1184155 for CVE-2021-1844",
"url": "https://bugzilla.suse.com/1184155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1844"
},
{
"cve": "CVE-2021-1870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1870"
}
],
"notes": [
{
"category": "general",
"text": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1870",
"url": "https://www.suse.com/security/cve/CVE-2021-1870"
},
{
"category": "external",
"summary": "SUSE Bug 1184262 for CVE-2021-1870",
"url": "https://bugzilla.suse.com/1184262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1870"
},
{
"cve": "CVE-2021-1871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-1871"
}
],
"notes": [
{
"category": "general",
"text": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-1871",
"url": "https://www.suse.com/security/cve/CVE-2021-1871"
},
{
"category": "external",
"summary": "SUSE Bug 1184155 for CVE-2021-1871",
"url": "https://bugzilla.suse.com/1184155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1.noarch",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1.x86_64",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.i586",
"openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T19:23:01Z",
"details": "critical"
}
],
"title": "CVE-2021-1871"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…