opensuse-su-2022:10088-1
Vulnerability from csaf_opensuse
Published
2022-08-15 22:01
Modified
2022-08-15 22:01
Summary
Security update for opera
Notes
Title of the patch
Security update for opera
Description of the patch
This update for opera fixes the following issues:
Opera was updated to 89.0.4447.71
- CHR-8957 Update chromium on desktop-stable-103-4447 to
103.0.5060.134
- DNA-100492 authPrivate.storeCredentials should work with
running auth session
- DNA-100649 “Sign out” from settings doesn’t also sign out
from auth
- DNA-100653 VPN Badge popup – not working well with different
page zoom being set in browser settings
- DNA-100712 Wrong spacing on text to reset sync passphrase
in settings
- DNA-100799 VPN icon is “pro” on disconnected
- DNA-100841 Remove Get Subscription and Get button from
VPN pro settings
- DNA-100883 Update missing translations from chromium
- DNA-100899 Translation error in Turkish
- DNA-100912 Unable to select pinboards when sync everything
is enabled
- DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB
- DNA-100960 Use after move
CountryBlacklistServiceImpl::DownloadCountryBlacklist
- DNA-100961 Use after move
CategorizationDataCollection::Iterator::Iterator
- DNA-100989 Crash at
opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)
- The update to chromium 103.0.5060.134 fixes following issues:
CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479
CVE-2022-2480, CVE-2022-2481
- Update to 89.0.4447.51
- DNA-99538 Typed content of address bar shared between tabs
- DNA-100418 Set 360 so as search engine in China
- DNA-100629 Launch Auth login when enabling sync while logged in
- DNA-100776 Popup is too long if there are no services available
- Update to 89.0.4447.48
- CHR-8940 Update chromium on desktop-stable-103-4447 to
103.0.5060.114
- DNA-100247 Make it possible to display hint when tab scrolling
gets triggered
- DNA-100482 Shopping corner icon availability
- DNA-100575 Add unique IDs to all web element in opera account
popup
- DNA-100625 Opera account popup appears too high on Linux
- DNA-100627 Enable #snap-from-panel on all stream
- DNA-100636 DCHECK at suggestion_item.cc(484)
- DNA-100685 Fix crash when attaching to tab strip scroll buttons
- DNA-100693 Enable Sticky Site sidebar item to have notification
bubble
- DNA-100698 [AdBlock] Unhandled Disconnect list category:
'emailaggressive'
- DNA-100716 Misstype Settings 'Enhanced address bar'
- DNA-100732 Fix & escaping in translated strings
- DNA-100759 Crash when loading personal news in private window
- The update to chromium 103.0.5060.114 fixes following issues:
CVE-2022-2294, CVE-2022-2295, CVE-2022-2296
- Update to 89.0.4447.38
- DNA-100283 Translations for O89
- Complete Opera 89.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-89/
- Changes in 89.0.4447.37
- CHR-8929 Update chromium on desktop-stable-103-4447 to
103.0.5060.66
- DNA-99780 Crash at zmq::zmq_abort(char const*)
- DNA-100377 New opera account popup doesn’t open on Linux
- DNA-100589 Crash at base::internal::Invoker<T>::RunOnce
(base::internal::BindStateBase*, scoped_refptr<T>&&)
- DNA-100607 Sync “Sign in” button doesn’t work with Opera Account
popup
Patchnames
openSUSE-2022-10088
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\nOpera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to\n 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with\n running auth session\n - DNA-100649 \u201cSign out\u201d from settings doesn\u2019t also sign out\n from auth\n - DNA-100653 VPN Badge popup \u2013 not working well with different\n page zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase\n in settings\n - DNA-100799 VPN icon is \u201cpro\u201d on disconnected\n - DNA-100841 Remove Get Subscription and Get button from\n VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything\n is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const\u0026)\n\n- The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n- Update to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n- Update to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to\n 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling\n gets triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account\n popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification\n bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \u0027emailaggressive\u0027\n - DNA-100716 Misstype Settings \u0027Enhanced address bar\u0027\n - DNA-100732 Fix \u0026amp; escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n- The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n- Update to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n- Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n- Changes in 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to\n 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\u2019t open on Linux\n - DNA-100589 Crash at base::internal::Invoker\u003cT\u003e::RunOnce\n (base::internal::BindStateBase*, scoped_refptr\u003cT\u003e\u0026\u0026)\n - DNA-100607 Sync \u201cSign in\u201d button doesn\u2019t work with Opera Account\n popup\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10088",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10088-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10088-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10088-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2163 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2294 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2295 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2477 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2478 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2479 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2480 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2481 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2481/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2022-08-15T22:01:31Z",
"generator": {
"date": "2022-08-15T22:01:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10088-1",
"initial_release_date": "2022-08-15T22:01:31Z",
"revision_history": [
{
"date": "2022-08-15T22:01:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-89.0.4447.71-lp154.2.14.1.x86_64",
"product": {
"name": "opera-89.0.4447.71-lp154.2.14.1.x86_64",
"product_id": "opera-89.0.4447.71-lp154.2.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.4 NonFree",
"product": {
"name": "openSUSE Leap 15.4 NonFree",
"product_id": "openSUSE Leap 15.4 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-89.0.4447.71-lp154.2.14.1.x86_64 as component of openSUSE Leap 15.4 NonFree",
"product_id": "openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
},
"product_reference": "opera-89.0.4447.71-lp154.2.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2163"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2163",
"url": "https://www.suse.com/security/cve/CVE-2022-2163"
},
{
"category": "external",
"summary": "SUSE Bug 1200783 for CVE-2022-2163",
"url": "https://bugzilla.suse.com/1200783"
},
{
"category": "external",
"summary": "SUSE Bug 1201679 for CVE-2022-2163",
"url": "https://bugzilla.suse.com/1201679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2163"
},
{
"cve": "CVE-2022-2294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2294"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2294",
"url": "https://www.suse.com/security/cve/CVE-2022-2294"
},
{
"category": "external",
"summary": "SUSE Bug 1201216 for CVE-2022-2294",
"url": "https://bugzilla.suse.com/1201216"
},
{
"category": "external",
"summary": "SUSE Bug 1201980 for CVE-2022-2294",
"url": "https://bugzilla.suse.com/1201980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2294"
},
{
"cve": "CVE-2022-2295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2295"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2295",
"url": "https://www.suse.com/security/cve/CVE-2022-2295"
},
{
"category": "external",
"summary": "SUSE Bug 1201216 for CVE-2022-2295",
"url": "https://bugzilla.suse.com/1201216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2295"
},
{
"cve": "CVE-2022-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2296"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2296",
"url": "https://www.suse.com/security/cve/CVE-2022-2296"
},
{
"category": "external",
"summary": "SUSE Bug 1201216 for CVE-2022-2296",
"url": "https://bugzilla.suse.com/1201216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2296"
},
{
"cve": "CVE-2022-2477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2477"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2477",
"url": "https://www.suse.com/security/cve/CVE-2022-2477"
},
{
"category": "external",
"summary": "SUSE Bug 1201679 for CVE-2022-2477",
"url": "https://bugzilla.suse.com/1201679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2477"
},
{
"cve": "CVE-2022-2478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2478"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2478",
"url": "https://www.suse.com/security/cve/CVE-2022-2478"
},
{
"category": "external",
"summary": "SUSE Bug 1201679 for CVE-2022-2478",
"url": "https://bugzilla.suse.com/1201679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2478"
},
{
"cve": "CVE-2022-2479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2479"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2479",
"url": "https://www.suse.com/security/cve/CVE-2022-2479"
},
{
"category": "external",
"summary": "SUSE Bug 1201679 for CVE-2022-2479",
"url": "https://bugzilla.suse.com/1201679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2479"
},
{
"cve": "CVE-2022-2480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2480"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2480",
"url": "https://www.suse.com/security/cve/CVE-2022-2480"
},
{
"category": "external",
"summary": "SUSE Bug 1201679 for CVE-2022-2480",
"url": "https://bugzilla.suse.com/1201679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2480"
},
{
"cve": "CVE-2022-2481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2481"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2481",
"url": "https://www.suse.com/security/cve/CVE-2022-2481"
},
{
"category": "external",
"summary": "SUSE Bug 1201679 for CVE-2022-2481",
"url": "https://bugzilla.suse.com/1201679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-89.0.4447.71-lp154.2.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T22:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-2481"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…