Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Opera: Multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | GLSA-201206-03 | First vendor Publication | 2012-06-15 |
| Vendor | Gentoo | Last vendor Modification | 2012-06-15 |
| Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilities have been found in Opera, the worst of which allow for the execution of arbitrary code. Background Description Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201206-03.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201206-03.xml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 23 % | CWE-399 | Resource Management Errors |
| 21 % | CWE-20 | Improper Input Validation |
| 20 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 7 % | CWE-200 | Information Exposure |
| 6 % | CWE-287 | Improper Authentication |
| 4 % | CWE-310 | Cryptographic Issues |
| 4 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 4 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 3 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 3 % | CWE-16 | Configuration |
| 1 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 1 % | CWE-295 | Certificate Issues |
| 1 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11096 | |||
| Oval ID: | oval:org.mitre.oval:def:11096 | ||
| Title: | Information Disclosure in Opera before 10.50 due to failure to restrict third-party domains from accessing certain widget properties. | ||
| Description: | Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2659 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11157 | |||
| Oval ID: | oval:org.mitre.oval:def:11157 | ||
| Title: | Popup blocker bypass in Opera before 10.60 via a javascript: URL and a "fake click." | ||
| Description: | Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2662 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11170 | |||
| Oval ID: | oval:org.mitre.oval:def:11170 | ||
| Title: | Denial of service in Opera before 10.60 via an ended event handler that changes the SRC attribute of an AUDIO element. | ||
| Description: | Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2663 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11352 | |||
| Oval ID: | oval:org.mitre.oval:def:11352 | ||
| Title: | Multiple unspecified vulnerabilities in Opera before 10.64 | ||
| Description: | Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2421 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11362 | |||
| Oval ID: | oval:org.mitre.oval:def:11362 | ||
| Title: | Cross-Site Scripting in Opera before 10.54 related to incorrect detection of the "opening site." | ||
| Description: | Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2665 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11603 | |||
| Oval ID: | oval:org.mitre.oval:def:11603 | ||
| Title: | Information Disclosure in Opera before 10.54 due to failure to restrict certain uses of homograph characters in domain names. | ||
| Description: | Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2660 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11622 | |||
| Oval ID: | oval:org.mitre.oval:def:11622 | ||
| Title: | Denial of service in Opera 9.52 via JavaScript code containing an infinite loops. | ||
| Description: | Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2121 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11640 | |||
| Oval ID: | oval:org.mitre.oval:def:11640 | ||
| Title: | Denial of service in Opera before 10.60 due to failure to handle unclosed SPAN elements with absolute positioning. | ||
| Description: | Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2664 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11641 | |||
| Oval ID: | oval:org.mitre.oval:def:11641 | ||
| Title: | Clickjacking vulnerability in Opera before 11.01 | ||
| Description: | Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0683 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11664 | |||
| Oval ID: | oval:org.mitre.oval:def:11664 | ||
| Title: | Denial of service in Opera 9.52 due to failure to restrict the execution of mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL. | ||
| Description: | Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1989 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11669 | |||
| Oval ID: | oval:org.mitre.oval:def:11669 | ||
| Title: | Information Disclosure in Opera before 10.54 due to failure to restrict access to the full pathname of a file selected for upload. | ||
| Description: | Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2661 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11862 | |||
| Oval ID: | oval:org.mitre.oval:def:11862 | ||
| Title: | Arbitrary file upload in Opera before 10.60 due to failure to restrict certain interaction between plug-ins, file inputs, and the clipboard. | ||
| Description: | Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2658 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11878 | |||
| Oval ID: | oval:org.mitre.oval:def:11878 | ||
| Title: | Unspecified vulnerability in Opera before 11.01 via a unknown content on a web page | ||
| Description: | Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0686 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11933 | |||
| Oval ID: | oval:org.mitre.oval:def:11933 | ||
| Title: | A denial of service caused via an animated PNG image in Opera before 10.61. | ||
| Description: | Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3021 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11952 | |||
| Oval ID: | oval:org.mitre.oval:def:11952 | ||
| Title: | Denial of service in Opera 9.52 due to failure to handle an IFRAME element with a mailto: URL in its SRC attribute. | ||
| Description: | Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1993 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12045 | |||
| Oval ID: | oval:org.mitre.oval:def:12045 | ||
| Title: | CSS bypass vulnerability in Opera before 11.01 | ||
| Description: | The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0681 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12066 | |||
| Oval ID: | oval:org.mitre.oval:def:12066 | ||
| Title: | Heap-based buffer overflow in Opera before 10.61 | ||
| Description: | Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3019 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12073 | |||
| Oval ID: | oval:org.mitre.oval:def:12073 | ||
| Title: | Vulnerability in news-feed preview feature in Opera before 10.61 | ||
| Description: | The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3020 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12084 | |||
| Oval ID: | oval:org.mitre.oval:def:12084 | ||
| Title: | Opera before 10.61 does not properly suppress clicks on download dialogs | ||
| Description: | Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2576 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12296 | |||
| Oval ID: | oval:org.mitre.oval:def:12296 | ||
| Title: | Information disclosure vulnerability in Opera before 11.01 | ||
| Description: | Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0684 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12507 | |||
| Oval ID: | oval:org.mitre.oval:def:12507 | ||
| Title: | Information disclosure vulnerability in Delete Private Data feature in Opera before 11.01 | ||
| Description: | The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0685 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12563 | |||
| Oval ID: | oval:org.mitre.oval:def:12563 | ||
| Title: | Denial of service vulnerability in Opera before 11.01 via a crafted WAP document | ||
| Description: | Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0687 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12636 | |||
| Oval ID: | oval:org.mitre.oval:def:12636 | ||
| Title: | Denial of service vulnerability in Opera before 11.01 | ||
| Description: | Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0682 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5432 | |||
| Oval ID: | oval:org.mitre.oval:def:5432 | ||
| Title: | Opera Web Browser Denial Of Service Vulnerability | ||
| Description: | Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1234 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5679 | |||
| Oval ID: | oval:org.mitre.oval:def:5679 | ||
| Title: | DEPRECATED: Opera before 10.00 does not properly implement the INPUT TYPE=file functionality | ||
| Description: | Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3048 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6235 | |||
| Oval ID: | oval:org.mitre.oval:def:6235 | ||
| Title: | Opera before 10.00 does not properly display all characters in Internationalized Domain Names | ||
| Description: | Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3049 | Version: | 9 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6357 | |||
| Oval ID: | oval:org.mitre.oval:def:6357 | ||
| Title: | Opera before 10.00 does not check all intermediate X.509 certificates for revocation | ||
| Description: | Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3046 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6385 | |||
| Oval ID: | oval:org.mitre.oval:def:6385 | ||
| Title: | Opera before 10.10 allows to obtain sensitive information and XSS attacks | ||
| Description: | Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-4071 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6442 | |||
| Oval ID: | oval:org.mitre.oval:def:6442 | ||
| Title: | Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm | ||
| Description: | Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3045 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6444 | |||
| Oval ID: | oval:org.mitre.oval:def:6444 | ||
| Title: | Opera before 10.00 does not properly handle a \0 character or invalid wildcard character | ||
| Description: | Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3044 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6460 | |||
| Oval ID: | oval:org.mitre.oval:def:6460 | ||
| Title: | Opera before 10.00 allow remote attacks to spoof URLs | ||
| Description: | Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3047 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6543 | |||
| Oval ID: | oval:org.mitre.oval:def:6543 | ||
| Title: | Opera before 10.10 has unknown impact and attack vectors vulnerability | ||
| Description: | Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-4072 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6574 | |||
| Oval ID: | oval:org.mitre.oval:def:6574 | ||
| Title: | Memory corruption error in Opera before 10.01 when processing malformed domain names | ||
| Description: | Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3831 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Opera Browser |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for opera openSUSE-SU-2012:0610-1 (opera) File : nvt/gb_suse_2012_0610_1.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-03 (Opera) File : nvt/glsa_201206_03.nasl |
| 2012-06-21 | Name : Opera Multiple Vulnerabilities - June12 (Mac OS X) File : nvt/gb_opera_mult_vuln_june12_macosx.nasl |
| 2012-06-21 | Name : Opera URL Processing Arbitrary Code Execution Vulnerability (Windows) File : nvt/gb_opera_url_code_exec_vuln_win.nasl |
| 2012-06-21 | Name : Opera URL Processing Arbitrary Code Execution Vulnerability (Mac OS X) File : nvt/gb_opera_url_code_exec_vuln_macosx.nasl |
| 2012-06-21 | Name : Opera URL Processing Arbitrary Code Execution Vulnerability (Linux) File : nvt/gb_opera_url_code_exec_vuln_lin.nasl |
| 2012-06-21 | Name : Opera Multiple Vulnerabilities - June12 (Windows) File : nvt/gb_opera_mult_vuln_june12_win.nasl |
| 2012-06-21 | Name : Opera Multiple Vulnerabilities - June12 (Linux) File : nvt/gb_opera_mult_vuln_june12_lin.nasl |
| 2012-04-19 | Name : Opera Browser 'SRC' Denial of Service Vulnerability (Mac OS X) File : nvt/gb_opera_src_iframe_dos_vuln_macosx.nasl |
| 2012-04-19 | Name : Opera Browser Multiple Vulnerabilities July-11 (Mac OS X) File : nvt/gb_opera_mult_vuln_macosx_july11.nasl |
| 2012-04-19 | Name : Opera Browser Multiple Vulnerabilities-01 July-11 (Mac OS X) File : nvt/gb_opera_mult_vuln1_macosx_july11.nasl |
| 2012-04-19 | Name : Opera Browser Multiple Vulnerabilities-02 July-11 (Mac OS X) File : nvt/gb_opera_mult_vuln2_macosx_july11.nasl |
| 2012-04-10 | Name : Opera Browser 'SRC' Denial of Service Vulnerability (Linux) File : nvt/gb_opera_src_iframe_dos_vuln_lin.nasl |
| 2012-04-10 | Name : Opera Browser Multiple Vulnerabilities July-11 (Linux) File : nvt/gb_opera_mult_vuln_lin_jul11.nasl |
| 2012-04-10 | Name : Opera Browser Multiple Vulnerabilities-02 July-11 (Linux) File : nvt/gb_opera_mult_vuln_lin02_jul11.nasl |
| 2012-04-10 | Name : Opera Browser Multiple Vulnerabilities-01 July-11 (Linux) File : nvt/gb_opera_mult_vuln_lin01_jul11.nasl |
| 2012-04-09 | Name : Opera Multiple Vulnerabilities - December11 (Linux) File : nvt/gb_opera_mult_vuln_dec11_lin.nasl |
| 2012-04-06 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Linux) File : nvt/gb_opera_extented_validation_info_disc_vuln_lin.nasl |
| 2012-03-29 | Name : Opera Multiple Vulnerabilities - March12 (Windows) File : nvt/secpod_opera_mult_vuln_mar12_win.nasl |
| 2012-03-29 | Name : Opera Multiple Vulnerabilities - March12 (MacOSX) File : nvt/secpod_opera_mult_vuln_mar12_macosx.nasl |
| 2012-03-29 | Name : Opera Multiple Vulnerabilities - March12 (Linux) File : nvt/gb_opera_mult_vuln_mar12_lin.nasl |
| 2011-12-09 | Name : Opera Multiple Vulnerabilities - December11 (Mac OS X) File : nvt/gb_opera_mult_vuln_dec11_macosx.nasl |
| 2011-12-09 | Name : Opera Multiple Vulnerabilities - December11 (Windows) File : nvt/gb_opera_mult_vuln_dec11_win.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Windows) File : nvt/gb_opera_extented_validation_info_disc_vuln_win.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X) File : nvt/gb_opera_extented_validation_info_disc_vuln_macosx.nasl |
| 2011-07-05 | Name : Opera Browser 'SRC' Denial of Service Vulnerability (Windows) File : nvt/gb_opera_src_iframe_dos_vuln_win.nasl |
| 2011-07-05 | Name : Opera Browser Multiple Vulnerabilities Jul-11 (Windows) File : nvt/gb_opera_mult_vuln_win_jul11.nasl |
| 2011-07-05 | Name : Opera Browser Multiple Vulnerabilities Jul-11 (Windows) File : nvt/gb_opera_mult_vuln_win01_jul11.nasl |
| 2011-07-05 | Name : Opera Browser Multiple Vulnerabilities Jul-11 (Windows) File : nvt/gb_opera_mult_vuln_win02_jul11.nasl |
| 2011-05-23 | Name : Opera Browser 'SELECT' HTML Tag Remote Memory Corruption Vulnerability (Windows) File : nvt/gb_opera_mem_corr_vuln_win.nasl |
| 2011-03-05 | Name : FreeBSD Ports: opera, opera-devel, linux-opera File : nvt/freebsd_opera23.nasl |
| 2011-02-07 | Name : Opera Browser Multiple Vulnerabilities Feb-11 (Windows) File : nvt/gb_opera_mult_vuln_win_feb11.nasl |
| 2010-12-27 | Name : Opera Browser Multiple Vulnerabilities December-10 (Windows) File : nvt/gb_opera_mult_vuln_win_dec10.nasl |
| 2010-08-16 | Name : Opera Browser Multiple Vulnerabilities August-10 (Windows) File : nvt/gb_opera_mult_vuln_aug10_win.nasl |
| 2010-07-16 | Name : Opera Browser Multiple Vulnerabilities july-10 (Win02) File : nvt/gb_opera_mult_vuln_win02_july10.nasl |
| 2010-07-16 | Name : Opera Browser Multiple Vulnerabilities july-10 (Win01) File : nvt/gb_opera_mult_vuln_win01_july10.nasl |
| 2010-07-16 | Name : Opera Browser 'widget' Information Disclosure Vulnerability july-10 (Win) File : nvt/gb_opera_widget_info_disc_vuln_win_july10.nasl |
| 2010-07-02 | Name : Opera Browser Address Bar Spoofing Vulnerability june-10 (Win) File : nvt/secpod_opera_spoofing_vuln_win.nasl |
| 2010-06-25 | Name : Opera Browser Multiple Vulnerabilities (Windows) File : nvt/secpod_opera_mult_vuln_win_jun10.nasl |
| 2010-06-04 | Name : Opera 'IFRAME' Denial Of Service vulnerability (Windows) File : nvt/gb_opera_iframe_dos_vuln_win.nasl |
| 2010-05-25 | Name : Opera Browser Multiple Denial Of Service Vulnerability (Windows) File : nvt/secpod_opera_mult_dos_vuln_win.nasl |
| 2010-04-13 | Name : Opera Browser 'Content-Length' Header Buffer Overflow Vulnerability (Win) File : nvt/gb_opera_content_length_header_bof_vuln_win.nasl |
| 2010-04-13 | Name : Opera Browser 'Content-Length' Header Buffer Overflow Vulnerability (Linux) File : nvt/gb_opera_content_length_header_bof_vuln_lin.nasl |
| 2010-02-22 | Name : Opera Information Disclosure Vulnerability - (Linux) File : nvt/secpod_opera_info_disc_vuln_feb10_lin.nasl |
| 2010-02-22 | Name : Opera Information Disclosure Vulnerability - (Win) File : nvt/secpod_opera_info_disc_vuln_feb10_win.nasl |
| 2009-12-10 | Name : FreeBSD Ports: opera File : nvt/freebsd_opera19.nasl |
| 2009-11-30 | Name : Opera Information Disclosure and Unspecified Vulnerabilities - (Win) File : nvt/secpod_opera_info_disc_unspecified_vuln_win.nasl |
| 2009-11-30 | Name : Opera Information Disclosure and Unspecified Vulnerabilities - (Linux) File : nvt/secpod_opera_info_disc_unspecified_vuln_lin.nasl |
| 2009-11-11 | Name : FreeBSD Ports: opera File : nvt/freebsd_opera18.nasl |
| 2009-11-04 | Name : Opera Multiple Vulnerabilities - Nov09 (Win) File : nvt/gb_opera_mult_vuln_nov09_win.nasl |
| 2009-11-04 | Name : Opera Denial Of Service Vulnerability - Nov09 (Linux) File : nvt/gb_opera_dos_vuln_nov09_lin.nasl |
| 2009-09-21 | Name : SuSE Security Summary SUSE-SR:2009:015 File : nvt/suse_sr_2009_015.nasl |
| 2009-09-07 | Name : Opera Multiple URL Spoofing Vulnerabilities - Sep09 (Win) File : nvt/gb_opera_mult_url_spoof_vuln_sep09_win.nasl |
| 2009-09-07 | Name : Opera Multiple URL Spoofing Vulnerabilities - Sep09 (Linux) File : nvt/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl |
| 2009-09-07 | Name : Opera 'javascript: URI' XSS Vulnerability - Sep09 File : nvt/gb_opera_js_uri_xss_vuln_sep09_win.nasl |
| 2009-09-07 | Name : Opera 'javascript: URI' XSS Vulnerability - Sep09 (Linux) File : nvt/gb_opera_js_uri_xss_vuln_sep09_lin.nasl |
| 2009-06-17 | Name : Opera Web Script Execution Vulnerabilities - June09 (Linux) File : nvt/secpod_opera_web_script_exec_vuln_jun09_lin.nasl |
| 2009-06-17 | Name : Opera Web Script Execution Vulnerabilities - June09 (Win) File : nvt/secpod_opera_web_script_exec_vuln_jun09_win.nasl |
| 2009-04-08 | Name : Opera Web Browser XML Denial Of Service Vulnerability (Win) File : nvt/gb_opera_xml_dos_vuln_win.nasl |
| 2009-04-08 | Name : Opera Web Browser XML Denial Of Service Vulnerability (Linux) File : nvt/gb_opera_xml_dos_vuln_lin.nasl |
| 0000-00-00 | Name : FreeBSD Ports: opera, linux-opera File : nvt/freebsd_opera25.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 77552 | Opera Same Origin Policy Bypass in Operator Variable Enumeration |
| 77551 | Opera Top Level Domain Restriction Cookie Handling Information Disclosure |
| 77550 | Opera Unspecified Remote Issue |
| 74828 | Opera Web Content Security Display Weakness |
| 74176 | Opera VEGAOpBitmap::AddLine Function SELECT Element Invalid Memory Write DoS |
| 73858 | Opera IFRAME Element SRC Attribute about:blank Value DoS |
| 73857 | Opera Embedded Java Applet Empty Parameter Value DoS |
| 73856 | Opera Hidden Animated GIF Continual Repaint CPU Consumption DoS |
| 73855 | Opera Unspecified Application Crash Remote DoS (2011-2638) |
| 73854 | Opera Unspecified Application Crash Remote DoS (2011-2637) |
| 73853 | Opera Unspecified Application Crash Remote DoS (2011-2636) |
| 73852 | Opera CSS Floated Element :hover Pseudo-class DoS |
| 73851 | Opera Search / Customization Hijacking Weakness |
| 73850 | Opera Certificate Revocation List (CRL) File Unspecified Remote DoS |
| 73849 | Opera Silverlight Instance Destruction Handling Remote DoS |
| 73848 | Opera CSS Column-count Property Infinite Repaint Loop Remote DoS |
| 73847 | Opera Easy Sticky Note Extension Pop-up Reload DoS |
| 73846 | Opera Unspecified Application Crash Remote DoS (2011-2629) |
| 73845 | Opera DOM Implementation Application Crash DoS |
| 73844 | Opera IFRAME Element SRC Attribute Script Injection DoS |
| 73843 | Opera SELECT Element Multiple OPTION Element DoS |
| 73842 | Opera Print Preview Large Table Handling DoS |
| 73841 | Opera SVG BiDi Unspecified Application Crash DoS |
| 73840 | Opera Web Workers Application Crash DoS |
| 73839 | Opera Form Layout Application Crash DoS |
| 73838 | Opera SVG Animation Application Crash DoS |
| 73837 | Opera Multiple Gradient Stop Application Crash DoS |
| 73836 | Opera AUDIO / VIDEO Element Window Transition DoS |
| 73835 | Opera Pop-up Windows Text Node Selection DoS |
| 73834 | Opera Unspecified Memory Consumption DoS |
| 73833 | Opera Unspecified Application Crash Remote DoS (2011-2615) |
| 73807 | Opera SVG Multiple Character Path Drawing DoS |
| 73806 | Opera Array.prototype.join Method Non-array Object Remote DoS |
| 73805 | Opera Unspecified Application Crash Remote DoS (2011-2612) |
| 73804 | Opera Printing Functionality Unspecified DoS |
| 73486 | Opera Invalid URL Parsing Remote DoS |
| 73485 | Opera Data URI Security Context Enforcement Weakness |
| 73484 | Opera Unspecified Issue Opera contains an unspecified "moderately severe" flaw that may allow an attacker to have an unspecified impact. No further details have been provided. |
| 72406 | Opera Frameset Construct Handling Memory Corruption A memory corruption flaw exists in Opera. The program fails to sanitize user-supplied input when handling frameset constructs during page unloading, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code. |
| 70733 | Opera WAP Dropdown List Crafted WAP Document DoS Opera contains a flaw that may allow a denial of service. The issue is triggered when the program fails to properly implement Wireless Application Protocol (WAP) dropdown lists, allowing a context-dependent attacker to use a crafted WAP document to cause a denial of service. |
| 70732 | Opera Unspecified Web Page Content Remote DoS Opera contains an unspecified flaw that may allow a context-dependent attacker to cause a denial of service using a crafted web page. No further details have been provided. |
| 70731 | Opera Delete Private Data Feature Weakness Email Account Password Disclosure Opera contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the 'Delete Private Data' feature fails to properly clear email account passwords, which will allow a physically present attacker to access an email account. |
| 70730 | Opera HTTP Redirection Unspecified Response Manipulation Local File Remote Ac... Opera contains a flaw related to the handling of redirections and other unspecified HTTP responses. This may allow a remote attacker to obtain access to local files by loading them as web resources via an unspecified response manipulation. |
| 70729 | Opera opera: URL Restriction Weakness Clickjacking Opera contains a flaw related to the use of 'opera:' URLs. This may be exploited by a context-dependent attacker using a crafted web site to conduct clickjacking attacks. |
| 70728 | Opera Large Form Input Handling Crafted HTML Document Memory Corruption A memory corruption flaw exists in Opera. The program fails to sanitize user-supplied input when handling large form inputs, resulting in memory corruption. With a specially crafted HTML document, a context-dependent attacker can execute arbitrary code. |
| 70727 | Opera CSS Extensions for XML Crafted javascript: URL CSS Filtering Bypass Opera contains a flaw related to the Cascading Style Sheets extensions for XML implementation. The issue is triggered when the program recognizes links to javascript: URLs in the -o-link property. This may allow a remote attacker to use a crafted URL to bypass CSS filtering. |
| 70011 | Opera WebSockets Unspecified Remote Issue Opera enables WebSockets functionality by default, which has unspecified impact and remote attack vectors. No further details have been provided. |
| 70010 | Opera Auto-update Opera Unite Update Remote DoS Opera's autoupdate functionality contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker triggers an Opera Unite update, and will result in loss of availability for the program. |
| 70009 | Opera HTTPS X.509 Certificate Information Presentation Weakness Opera, when Opera Turbo is enabled, fails to properly display informationa bout problematic X.509 certificates on https web sites. This makes it easier for a remote attacker to spoof trusted content via a maliciously crafted web site. |
| 70008 | Opera Web Page Security Indication Display Weakness Opera, when Opera Turbo is enabled, fails to display of a web page's security indication. This makes it easier for a remote attacker to spoof trusted content via a maliciously crafted web site. |
| 70007 | Opera Extension Update Security Policy Access Restriction Bypass Opera contains a flaw related to its extension update security policies. This may allow a remote attacker to bypass access restrictions via unspecified vectors. |
| 70006 | Opera Unspecified Issue Opera contains an unspecified flaw related to a "high severity" issue. No further details have been provided. |
| 70005 | Opera WAP WML Form Field Clearing Weakness Information Disclosure Opera contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when Opera fails to clear WAP WML form fields when navigating to a new web site, which allows a remote attacker to use an input field with the same name as one on a previously visited web site to obtain sensitive information. |
| 70004 | Opera Web Page Content Dialog Box Focus Weakness Opera displays web page dialog boxes over web page content, but in some cases content may be incorrectly displayed over the dialog boxes. This allows remote attackers to more easily trick users into interacting with a malicious web site by spoofing security information or download dialogs. |
| 67276 | Linux-PAM pam_xauth Module Incorrect Return Value Check Privilege Escalation Linux PAM contains a flaw that may allow an attacker to prevent the pam_xauth module from correctly dropping privileges. The issue is triggered when RLIMIT_NPROC is breached for the target user when pam_xauth makes a call to setuid() without checking the return value. |
| 67204 | Opera Tab Focus Change Download Dialog Suppression Weakness Clickjacking |
| 67203 | Opera HTML5 Canvas Painting Operation Transformation Application Overflow |
| 67202 | Opera News Feed Preview Feature Crafted Content Arbitrary Feed Subscription |
| 67201 | Opera Animated PNG Image Unspecified DoS |
| 66288 | Opera data: URI Opening Site Detection XSS |
| 66287 | Opera Unclosed SPAN Element Absolute Positioning DoS |
| 66286 | Opera AUDIO Element SRC Attribute Ended Event Handler DoS |
| 66285 | Opera javascript: URL Fake Click Popup Blocker Bypass |
| 66284 | Opera File Upload Pathname DOM Manipulation Remote Information Disclosure |
| 66283 | Opera Homograph Character Restriction IDN Domain Spoofing Weakness |
| 66282 | Opera Widget Property Cross-domain Accessibility Remote Information Disclosure |
| 66225 | Opera System Clipboard Contents Arbitrary File Upload |
| 65856 | Opera Address Bar Management Race Condition Spoofing Weakness |
| 65717 | Opera Multiple Unspecified Issues (2010-2421) |
| 65111 | Opera Invalid news / nntp URI IFRAME Element Handling Remote DoS Opera contains a flaw that may allow a remote denial of service. The issue is triggered when processing a web page with a large number of invalid NNTP elements, and will result in loss of availability for the application. |
| 64788 | Opera mailto: URL IMG Element SRC Attribute Multiple Image Redirect DoS Opera contains a flaw that may allow a denial of service. The issue is triggered by using img.src to redirect to a website with large quantity of iFrames, which will result in loss of availability for the application. |
| 64784 | Opera mailto: URL Multiple IFRAME Element Handling DoS Opera contains a flaw that may allow a denial of service. The issue is triggered by processing a mailto: link which opens a web page with a large number of iframes, and will result in loss of availability for the application. |
| 62714 | Opera HTTP Content-Length Header Handling Remote Overflow |
| 62465 | Opera CSS Stylesheet Cross-origin Information Disclosure |
| 60528 | Opera Unspecified Issue |
| 60527 | Opera Exception Stacktrace Error Message XSS |
| 59357 | Opera Crafted Domain Name Handling Memory Corruption Arbitrary Code Execution |
| 57792 | Opera on Unix INPUT TYPE=file Implementation Weakness Targeted File Upload |
| 57790 | Opera X.509 Certificate MD2 Signed SSL Certificate Spoofing Weakness |
| 57642 | Opera SSL NULL / Wildcard Character Handling Spoofing Weakness |
| 57641 | Opera Unicode Character Handling Address Bar Spoofing Weakness |
| 57640 | Opera Collapsed Address Bar Displayed URI Update Spoofing Weakness |
| 57639 | Opera Revoked Intermediate Certificate Handling Weakness |
| 57607 | Opera HTTP Response Location Header data: URI XSS |
| 56490 | Opera 3xx CONNECT Response Pre-SSL Handshake MiTM Arbitrary Script Execution |
| 56487 | Opera Proxy Server CONNECT Response Cached Certificate Use MiTM HTTPS Site Sp... |
| 56482 | Opera iFrame HTTP / HTTPS Content Detection Weakness |
| 55131 | Opera Proxy Server CONNECT Response Document Context Determination Weakness M... |
| 53487 | Opera XML Document Tag Handling Application Crash DoS |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Opera Content-Length header integer overflow attempt RuleID : 16481 - Revision : 12 - Type : BROWSER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-110204.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-101222.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-100824.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_opera-111208.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-100708.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-270.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-76.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-110711.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-111208.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_opera-110707.nasl - Type : ACT_GATHER_INFO |
| 2012-08-03 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1201.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-03.nasl - Type : ACT_GATHER_INFO |
| 2012-06-18 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1200.nasl - Type : ACT_GATHER_INFO |
| 2012-05-14 | Name : The remote host contains a web browser that is potentially affected by a memo... File : opera_1164.nasl - Type : ACT_GATHER_INFO |
| 2012-04-03 | Name : The remote host contains a web browser that is potentially affected by multip... File : opera_1162.nasl - Type : ACT_GATHER_INFO |
| 2011-12-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl - Type : ACT_GATHER_INFO |
| 2011-12-07 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1160.nasl - Type : ACT_GATHER_INFO |
| 2011-09-01 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1151.nasl - Type : ACT_GATHER_INFO |
| 2011-07-05 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1110.nasl - Type : ACT_GATHER_INFO |
| 2011-06-30 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1150.nasl - Type : ACT_GATHER_INFO |
| 2011-05-19 | Name : The remote host contains a web browser that is affected by memory corruption ... File : opera_1111.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_opera-110204.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_opera-101222.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_opera-101222.nasl - Type : ACT_GATHER_INFO |
| 2011-02-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2eda0c5434ab11e0810300215c6a37bb.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1101.nasl - Type : ACT_GATHER_INFO |
| 2010-12-17 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1100.nasl - Type : ACT_GATHER_INFO |
| 2010-08-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_opera-100824.nasl - Type : ACT_GATHER_INFO |
| 2010-08-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_opera-100824.nasl - Type : ACT_GATHER_INFO |
| 2010-08-12 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1061.nasl - Type : ACT_GATHER_INFO |
| 2010-07-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_opera-100708.nasl - Type : ACT_GATHER_INFO |
| 2010-07-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_opera-100708.nasl - Type : ACT_GATHER_INFO |
| 2010-07-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_opera-100708.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1060.nasl - Type : ACT_GATHER_INFO |
| 2010-06-22 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1054.nasl - Type : ACT_GATHER_INFO |
| 2010-03-22 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1051.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1050.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6431c4dbdeb411de90780030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-11-25 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1010.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_opera-091109.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_opera-091109.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_opera-091109.nasl - Type : ACT_GATHER_INFO |
| 2009-11-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2fda6bd2c53c11deb157001999392805.nasl - Type : ACT_GATHER_INFO |
| 2009-10-28 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1001.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_opera-6473.nasl - Type : ACT_GATHER_INFO |
| 2009-09-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_opera-090901.nasl - Type : ACT_GATHER_INFO |
| 2009-09-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_opera-090902.nasl - Type : ACT_GATHER_INFO |
| 2009-09-01 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1000.nasl - Type : ACT_GATHER_INFO |
| 2007-12-19 | Name : The remote host contains a web browser that is affected by several issues. File : opera_925.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:37:21 |
|
