CVE-2019-18197 (GCVE-0-2019-18197)
Vulnerability from cvelistv5 – Published: 2019-10-18 20:07 – Updated: 2026-05-28 18:27- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-18197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T18:27:54.888438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:27:59.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-28T23:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "USN-4164-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191031-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18197",
"datePublished": "2019-10-18T20:07:17.000Z",
"dateReserved": "2019-10-18T00:00:00.000Z",
"dateUpdated": "2026-05-28T18:27:59.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-18197",
"date": "2026-05-31",
"epss": "0.04534",
"percentile": "0.8934"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-18197\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-18T21:15:10.793\",\"lastModified\":\"2026-05-28T19:16:33.373\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.\"},{\"lang\":\"es\",\"value\":\"En la funci\u00f3n xsltCopyText en el archivo transform.c en libxslt versi\u00f3n 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el \u00e1rea de memoria relevante se liber\u00f3 y reutiliz\u00f3 de cierta manera, una comprobaci\u00f3n de l\u00edmites podr\u00eda fallar y podr\u00eda escribirse la memoria fuera de un b\u00fafer o podr\u00edan divulgarse datos no 
inicializados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-908\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[
{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBF9724E-ED48-45EB-92DF-1223ECF12693\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-secur
ity-announce/2020-05/msg00062.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/11/17/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0514\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191031-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200416-0004/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4164-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/11/17/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191031-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200416-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4164-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4164-1/\", \"name\": \"USN-4164-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html\", \"name\": \"[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191031-0004/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/11/17/2\", \"name\": \"[oss-security] 20191117 Nokogiri security update v1.10.5\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html\", \"name\": \"openSUSE-SU-2020:0189\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\", \"name\": \"openSUSE-SU-2020:0210\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0514\", \"name\": \"RHSA-2020:0514\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": 
\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\", \"name\": \"openSUSE-SU-2020:0233\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html\", \"name\": \"openSUSE-SU-2020:0731\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T01:47:13.523Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-18197\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-28T18:27:54.888438Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-908\", \"description\": \"CWE-908 Use of Uninitialized Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": 
\"2026-05-28T18:27:50.961Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://usn.ubuntu.com/4164-1/\", \"name\": \"USN-4164-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html\", \"name\": \"[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191031-0004/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/11/17/2\", \"name\": \"[oss-security] 20191117 Nokogiri security update v1.10.5\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html\", \"name\": \"openSUSE-SU-2020:0189\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\", \"name\": \"openSUSE-SU-2020:0210\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0514\", \"name\": \"RHSA-2020:0514\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\", \"name\": \"openSUSE-SU-2020:0233\", \"tags\": [\"vendor-advisory\", 
\"x_refsource_SUSE\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html\", \"name\": \"openSUSE-SU-2020:0731\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2020-05-28T23:06:08.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\", \"name\": \"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\", \"refsource\": \"MISC\"}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914\", \"name\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914\", \"refsource\": \"MISC\"}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768\", \"name\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768\", \"refsource\": \"MISC\"}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746\", 
\"name\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746\", \"refsource\": \"MISC\"}, {\"url\": \"https://usn.ubuntu.com/4164-1/\", \"name\": \"USN-4164-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html\", \"name\": \"[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191031-0004/\", \"name\": \"https://security.netapp.com/advisory/ntap-20191031-0004/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/11/17/2\", \"name\": \"[oss-security] 20191117 Nokogiri security update v1.10.5\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html\", \"name\": \"openSUSE-SU-2020:0189\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\", \"name\": \"openSUSE-SU-2020:0210\", \"refsource\": \"SUSE\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0514\", \"name\": \"RHSA-2020:0514\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\", \"name\": \"openSUSE-SU-2020:0233\", \"refsource\": \"SUSE\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html\", \"name\": \"openSUSE-SU-2020:0731\", \"refsource\": \"SUSE\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable 
isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-18197\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2019-18197\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-28T18:27:59.540Z\", \"dateReserved\": \"2019-10-18T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-10-18T20:07:17.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Daniel Veillard, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), 19.10 (Ubuntu), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 1.1.33 (libxslt), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f libxslt:\nhttps://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html\nhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\nhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00037.html\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libxslt) \u0434\u043e 1.1.29-2.1+deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libxslt \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.1.29-2.1+deb9u2\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 
\u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01341",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-18197",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Ubuntu, Debian GNU/Linux, OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), libxslt, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 12.04 ESM , Canonical Ltd. Ubuntu 19.04 , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Novell Inc. SUSE Package Hub for SUSE Linux Enterprise 12 , Canonical Ltd. 
Ubuntu 19.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Daniel Veillard libxslt 1.1.33 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 xsltCopyText (transform.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libxslt, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 xsltCopyText (transform.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libxslt \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18197.html?_ga=2.252260362.2077164082.1571715739-1618695258.1547637860\nhttps://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\nhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html\nhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\nhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00037.html\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20200429SE81\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2020-AVI-072
Vulnerability from certfr_avis - Published: 2020-02-05 - Updated: 2020-02-05
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 80.0.3987.87",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-6412",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6412"
},
{
"name": "CVE-2020-6409",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6409"
},
{
"name": "CVE-2020-6385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6385"
},
{
"name": "CVE-2020-6411",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6411"
},
{
"name": "CVE-2020-6391",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6391"
},
{
"name": "CVE-2020-6396",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6396"
},
{
"name": "CVE-2020-6408",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6408"
},
{
"name": "CVE-2019-19926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
},
{
"name": "CVE-2020-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6387"
},
{
"name": "CVE-2020-6415",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6415"
},
{
"name": "CVE-2020-6392",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6392"
},
{
"name": "CVE-2020-6404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6404"
},
{
"name": "CVE-2020-6406",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6406"
},
{
"name": "CVE-2019-19925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
},
{
"name": "CVE-2020-6399",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6399"
},
{
"name": "CVE-2020-6394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6394"
},
{
"name": "CVE-2020-6413",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6413"
},
{
"name": "CVE-2020-6414",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6414"
},
{
"name": "CVE-2020-6398",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6398"
},
{
"name": "CVE-2020-6417",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6417"
},
{
"name": "CVE-2020-6402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6402"
},
{
"name": "CVE-2020-6403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6403"
},
{
"name": "CVE-2020-6416",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6416"
},
{
"name": "CVE-2019-19880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
},
{
"name": "CVE-2020-6390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6390"
},
{
"name": "CVE-2020-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6388"
},
{
"name": "CVE-2020-6389",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6389"
},
{
"name": "CVE-2020-6405",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6405"
},
{
"name": "CVE-2020-6400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6400"
},
{
"name": "CVE-2020-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6395"
},
{
"name": "CVE-2020-6381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6381"
},
{
"name": "CVE-2020-6410",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6410"
},
{
"name": "CVE-2020-6393",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6393"
},
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
},
{
"name": "CVE-2020-6382",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6382"
},
{
"name": "CVE-2019-19923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
},
{
"name": "CVE-2020-6397",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6397"
},
{
"name": "CVE-2020-6401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6401"
}
],
"initial_release_date": "2020-02-05T00:00:00",
"last_revision_date": "2020-02-05T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 04 f\u00e9vrier 2020",
"url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
}
]
}
CERTFR-2020-AVI-217
Vulnerability from certfr_avis - Published: 2020-04-15 - Updated: 2020-04-15
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE Embedded version 8u241",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE versions 7u251, 8u241, 11.0.6 et 14",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2778"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2764",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2764"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
},
{
"name": "CVE-2020-2816",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2816"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2767",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2767"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
}
],
"initial_release_date": "2020-04-15T00:00:00",
"last_revision_date": "2020-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-217",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020 du 14 avril 2020",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020verbose du 14 avril 2020",
"url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html#JAVA"
}
]
}
CERTFR-2022-AVI-663
Vulnerability from certfr_avis - Published: 2022-07-20 - Updated: 2022-07-20
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar versions 5.4.0.x versions ant\u00e9rieures \u00e0 5.4.0.16",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar versions 5.5.0.x versions ant\u00e9rieures \u00e0 5.5.0.11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"initial_release_date": "2022-07-20T00:00:00",
"last_revision_date": "2022-07-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-663",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6605299 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6605299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6441625 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6441625"
}
]
}
CERTFR-2022-AVI-888
Vulnerability from certfr_avis - Published: 2022-10-07 - Updated: 2022-10-07
Une vulnérabilité a été découverte dans les produits F5. Elle permet à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Traffix SDC versions 5.x.x ant\u00e9rieures \u00e0 5.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP (tous modules) versions ant\u00e9rieures \u00e0 17.0.0",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
}
],
"initial_release_date": "2022-10-07T00:00:00",
"last_revision_date": "2022-10-07T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-888",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits F5. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K10812540 du 06 octobre 2022",
"url": "https://support.f5.com/csp/article/K10812540"
}
]
}
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/GNOME/libxslt
| Name | libxslt libxslt 1.1.33 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-18197"
}
},
"description": "libxslt\u662f\u4e00\u6b3eXSLT\uff08\u7528\u4e8e\u5b9a\u4e49XML\u8f6c\u6362\u7684XML\u8bed\u8a00\uff09C\u5e93\u3002\n\nlibxslt 1.1.33\u7248\u672c\u4e2d\u7684transform.c\u6587\u4ef6\u7684xsltCopyText\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/GNOME/libxslt",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-36942",
"openTime": "2019-10-24",
"patchDescription": "libxslt\u662f\u4e00\u6b3eXSLT\uff08\u7528\u4e8e\u5b9a\u4e49XML\u8f6c\u6362\u7684XML\u8bed\u8a00\uff09C\u5e93\u3002\r\n\r\nlibxslt 1.1.33\u7248\u672c\u4e2d\u7684transform.c\u6587\u4ef6\u7684xsltCopyText\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libxslt\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-36942\uff09\u7684\u8865\u4e01",
"products": {
"product": "libxslt libxslt 1.1.33"
},
"referenceLink": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914\r\nhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746\r\nhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285",
"serverity": "\u4e2d",
"submitTime": "2019-10-21",
"title": "libxslt\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-36942\uff09"
}
FKIE_CVE-2019-18197
Vulnerability from fkie_nvd - Published: 2019-10-18 21:15 - Updated: 2026-05-28 19:16
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxslt | 1.1.33 | |
| linux | linux_kernel | - | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| debian | debian_linux | 8.0 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
},
{
"lang": "es",
"value": "En la funci\u00f3n xsltCopyText en el archivo transform.c en libxslt versi\u00f3n 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el \u00e1rea de memoria relevante se liber\u00f3 y reutiliz\u00f3 de cierta manera, una comprobaci\u00f3n de l\u00edmites podr\u00eda fallar y podr\u00eda escribirse la memoria fuera de un b\u00fafer o podr\u00edan divulgarse datos no inicializados."
}
],
"id": "CVE-2019-18197",
"lastModified": "2026-05-28T19:16:33.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-10-18T21:15:10.793",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-242X-7CM6-4W8J
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2023-07-07 21:30
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-18197"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-07T21:30:20Z",
"nvd_published_at": "2019-10-18T21:15:00Z",
"severity": "HIGH"
},
"details": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.\n\nNokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.",
"id": "GHSA-242x-7cm6-4w8j",
"modified": "2023-07-07T21:30:20Z",
"published": "2022-05-24T16:59:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/issues/1943"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191031-0004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4164-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability"
}
GSD-2019-18197
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2019-18197",
"description": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",
"id": "GSD-2019-18197",
"references": [
"https://www.suse.com/security/cve/CVE-2019-18197.html",
"https://access.redhat.com/errata/RHSA-2020:4464",
"https://access.redhat.com/errata/RHSA-2020:4005",
"https://access.redhat.com/errata/RHSA-2020:0514",
"https://ubuntu.com/security/CVE-2019-18197",
"https://advisories.mageia.org/CVE-2019-18197.html",
"https://security.archlinux.org/CVE-2019-18197",
"https://alas.aws.amazon.com/cve/html/CVE-2019-18197.html",
"https://linux.oracle.com/cve/CVE-2019-18197.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-18197"
],
"details": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",
"id": "GSD-2019-18197",
"modified": "2023-12-13T01:23:50.090076Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "USN-4164-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191031-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.10.5",
"affected_versions": "All versions before 1.10.5",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-416",
"CWE-908",
"CWE-937"
],
"date": "2019-12-23",
"description": "In `xsltCopyText` in `transform.c` in libxslt, which is used by nokogiri, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",
"fixed_versions": [
"1.10.5"
],
"identifier": "CVE-2019-18197",
"identifiers": [
"CVE-2019-18197"
],
"not_impacted": "All versions starting from 1.10.5",
"package_slug": "gem/nokogiri",
"pubdate": "2019-10-18",
"solution": "Upgrade to version 1.10.5 or above.",
"title": "Use After Free",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-18197"
],
"uuid": "ecf64d0e-4f5c-4ebe-9f3f-c75ea81dc837"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18197"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"name": "USN-4164-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191031-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2019-10-18T21:15Z"
}
}
}
OPENSUSE-SU-2020:0189-1
Vulnerability from csaf_opensuse - Published: 2020-02-08 23:11 - Updated: 2020-02-08 23:11
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium was updated to version 80.0.3987.87 (boo#1162833).\n\nSecurity issues fixed:\n\n- CVE-2020-6381: Integer overflow in JavaScript (boo#1162833).\n- CVE-2020-6382: Type Confusion in JavaScript (boo#1162833).\n- CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833).\n- CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833).\n- CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833).\n- CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833).\n- CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833).\n- CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833).\n- CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833).\n- CVE-2020-6390: Out of bounds memory access in streams (boo#1162833).\n- CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833).\n- CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833).\n- CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833).\n- CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833).\n- CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833).\n- CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833).\n- CVE-2020-6397: Incorrect security UI in sharing (boo#1162833).\n- CVE-2020-6398: Uninitialized use in PDFium (boo#1162833).\n- CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833).\n- CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833).\n- CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833).\n- CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833).\n- CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833).\n- CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833).\n- CVE-2020-6405: Out of bounds read in SQLite (boo#1162833).\n- CVE-2020-6406: Use after free in audio (boo#1162833).\n- CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833).\n- CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833).\n- CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833).\n- CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833).\n- CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833).\n- CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833).\n- CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833).\n- CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833).\n- CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833).\n- CVE-2020-6416: Insufficient data validation in streams (boo#1162833).\n- CVE-2020-6417: Inappropriate implementation in installer (boo#1162833).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-189",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0189-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0189-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WSVRYLRPQE3DA7JXQF45EVKRHJ433WYL/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0189-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WSVRYLRPQE3DA7JXQF45EVKRHJ433WYL/"
},
{
"category": "self",
"summary": "SUSE Bug 1162833",
"url": "https://bugzilla.suse.com/1162833"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18197 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19880 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19923 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19925 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19926 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6381 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6382 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6385 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6387 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6388 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6389 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6390 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6391 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6392 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6393 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6394 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6395 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6396 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6397 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6398 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6399 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6400 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6401 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6402 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6403 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6404 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6405 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6406 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6408 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6409 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6410 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6411 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6412 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6413 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6414 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6415 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6416 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6417 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6417/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2020-02-08T23:11:40Z",
"generator": {
"date": "2020-02-08T23:11:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0189-1",
"initial_release_date": "2020-02-08T23:11:40Z",
"revision_history": [
{
"date": "2020-02-08T23:11:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"product": {
"name": "chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"product_id": "chromedriver-80.0.3987.87-lp151.2.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-80.0.3987.87-lp151.2.63.1.x86_64",
"product": {
"name": "chromium-80.0.3987.87-lp151.2.63.1.x86_64",
"product_id": "chromium-80.0.3987.87-lp151.2.63.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-80.0.3987.87-lp151.2.63.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64"
},
"product_reference": "chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-80.0.3987.87-lp151.2.63.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
},
"product_reference": "chromium-80.0.3987.87-lp151.2.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18197"
}
],
"notes": [
{
"category": "general",
"text": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18197",
"url": "https://www.suse.com/security/cve/CVE-2019-18197"
},
{
"category": "external",
"summary": "SUSE Bug 1154609 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1154609"
},
{
"category": "external",
"summary": "SUSE Bug 1157028 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1157028"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1162833"
},
{
"category": "external",
"summary": "SUSE Bug 1169511 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1169511"
},
{
"category": "external",
"summary": "SUSE Bug 1190108 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1190108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2019-18197"
},
{
"cve": "CVE-2019-19880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19880"
}
],
"notes": [
{
"category": "general",
"text": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19880",
"url": "https://www.suse.com/security/cve/CVE-2019-19880"
},
{
"category": "external",
"summary": "SUSE Bug 1159491 for CVE-2019-19880",
"url": "https://bugzilla.suse.com/1159491"
},
{
"category": "external",
"summary": "SUSE Bug 1159715 for CVE-2019-19880",
"url": "https://bugzilla.suse.com/1159715"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19880",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2019-19880"
},
{
"cve": "CVE-2019-19923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19923"
}
],
"notes": [
{
"category": "general",
"text": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19923",
"url": "https://www.suse.com/security/cve/CVE-2019-19923"
},
{
"category": "external",
"summary": "SUSE Bug 1160309 for CVE-2019-19923",
"url": "https://bugzilla.suse.com/1160309"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19923",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-19923"
},
{
"cve": "CVE-2019-19925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19925"
}
],
"notes": [
{
"category": "general",
"text": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19925",
"url": "https://www.suse.com/security/cve/CVE-2019-19925"
},
{
"category": "external",
"summary": "SUSE Bug 1159847 for CVE-2019-19925",
"url": "https://bugzilla.suse.com/1159847"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19925",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "low"
}
],
"title": "CVE-2019-19925"
},
{
"cve": "CVE-2019-19926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19926"
}
],
"notes": [
{
"category": "general",
"text": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19926",
"url": "https://www.suse.com/security/cve/CVE-2019-19926"
},
{
"category": "external",
"summary": "SUSE Bug 1159491 for CVE-2019-19926",
"url": "https://bugzilla.suse.com/1159491"
},
{
"category": "external",
"summary": "SUSE Bug 1159715 for CVE-2019-19926",
"url": "https://bugzilla.suse.com/1159715"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19926",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2019-19926"
},
{
"cve": "CVE-2020-6381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6381"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6381",
"url": "https://www.suse.com/security/cve/CVE-2020-6381"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6381",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6381"
},
{
"cve": "CVE-2020-6382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6382"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6382",
"url": "https://www.suse.com/security/cve/CVE-2020-6382"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6382",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6382"
},
{
"cve": "CVE-2020-6385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6385"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6385",
"url": "https://www.suse.com/security/cve/CVE-2020-6385"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6385",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6385"
},
{
"cve": "CVE-2020-6387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6387"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6387",
"url": "https://www.suse.com/security/cve/CVE-2020-6387"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6387",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6387"
},
{
"cve": "CVE-2020-6388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6388"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6388",
"url": "https://www.suse.com/security/cve/CVE-2020-6388"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6388",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6388"
},
{
"cve": "CVE-2020-6389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6389"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6389",
"url": "https://www.suse.com/security/cve/CVE-2020-6389"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6389",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6389"
},
{
"cve": "CVE-2020-6390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6390"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6390",
"url": "https://www.suse.com/security/cve/CVE-2020-6390"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6390",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6390"
},
{
"cve": "CVE-2020-6391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6391"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6391",
"url": "https://www.suse.com/security/cve/CVE-2020-6391"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6391",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6391"
},
{
"cve": "CVE-2020-6392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6392"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6392",
"url": "https://www.suse.com/security/cve/CVE-2020-6392"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6392",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6392"
},
{
"cve": "CVE-2020-6393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6393"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6393",
"url": "https://www.suse.com/security/cve/CVE-2020-6393"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6393",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6393"
},
{
"cve": "CVE-2020-6394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6394"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6394",
"url": "https://www.suse.com/security/cve/CVE-2020-6394"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6394",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6394"
},
{
"cve": "CVE-2020-6395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6395"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6395",
"url": "https://www.suse.com/security/cve/CVE-2020-6395"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6395",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6395"
},
{
"cve": "CVE-2020-6396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6396"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6396",
"url": "https://www.suse.com/security/cve/CVE-2020-6396"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6396",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6396"
},
{
"cve": "CVE-2020-6397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6397"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6397",
"url": "https://www.suse.com/security/cve/CVE-2020-6397"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6397",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6397"
},
{
"cve": "CVE-2020-6398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6398"
}
],
"notes": [
{
"category": "general",
"text": "Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6398",
"url": "https://www.suse.com/security/cve/CVE-2020-6398"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6398",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6398"
},
{
"cve": "CVE-2020-6399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6399"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6399",
"url": "https://www.suse.com/security/cve/CVE-2020-6399"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6399",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6399"
},
{
"cve": "CVE-2020-6400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6400"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6400",
"url": "https://www.suse.com/security/cve/CVE-2020-6400"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6400",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6400"
},
{
"cve": "CVE-2020-6401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6401"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6401",
"url": "https://www.suse.com/security/cve/CVE-2020-6401"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6401",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6401"
},
{
"cve": "CVE-2020-6402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6402"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6402",
"url": "https://www.suse.com/security/cve/CVE-2020-6402"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6402",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6402"
},
{
"cve": "CVE-2020-6403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6403"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6403",
"url": "https://www.suse.com/security/cve/CVE-2020-6403"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6403",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6403"
},
{
"cve": "CVE-2020-6404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6404"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6404",
"url": "https://www.suse.com/security/cve/CVE-2020-6404"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6404",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6404"
},
{
"cve": "CVE-2020-6405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6405"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6405",
"url": "https://www.suse.com/security/cve/CVE-2020-6405"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6405",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6405"
},
{
"cve": "CVE-2020-6406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6406"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6406",
"url": "https://www.suse.com/security/cve/CVE-2020-6406"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6406",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6406"
},
{
"cve": "CVE-2020-6408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6408"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6408",
"url": "https://www.suse.com/security/cve/CVE-2020-6408"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6408",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6408"
},
{
"cve": "CVE-2020-6409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6409"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6409",
"url": "https://www.suse.com/security/cve/CVE-2020-6409"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6409",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6409"
},
{
"cve": "CVE-2020-6410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6410"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6410",
"url": "https://www.suse.com/security/cve/CVE-2020-6410"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6410",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6410"
},
{
"cve": "CVE-2020-6411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6411"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6411",
"url": "https://www.suse.com/security/cve/CVE-2020-6411"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6411",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6411"
},
{
"cve": "CVE-2020-6412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6412"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6412",
"url": "https://www.suse.com/security/cve/CVE-2020-6412"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6412",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6412"
},
{
"cve": "CVE-2020-6413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6413"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6413",
"url": "https://www.suse.com/security/cve/CVE-2020-6413"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6413",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6413"
},
{
"cve": "CVE-2020-6414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6414"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6414",
"url": "https://www.suse.com/security/cve/CVE-2020-6414"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6414",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6414"
},
{
"cve": "CVE-2020-6415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6415"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6415",
"url": "https://www.suse.com/security/cve/CVE-2020-6415"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6415",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6415"
},
{
"cve": "CVE-2020-6416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6416"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6416",
"url": "https://www.suse.com/security/cve/CVE-2020-6416"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6416",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6416"
},
{
"cve": "CVE-2020-6417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6417"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6417",
"url": "https://www.suse.com/security/cve/CVE-2020-6417"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6417",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-80.0.3987.87-lp151.2.63.1.x86_64",
"openSUSE Leap 15.1:chromium-80.0.3987.87-lp151.2.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-08T23:11:40Z",
"details": "important"
}
],
"title": "CVE-2020-6417"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.