
60 vulnerabilities found for opera by opera

VAR-201609-0068

Vulnerability from variot - Updated: 2023-12-18 13:24

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. In other words, the precondition is that the attacker knows the private key of a client certificate installed on the victim's system; the server's private key is not needed. TLS is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communicating applications. There are security vulnerabilities in TLS protocol 1.2 and earlier versions.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0068",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "snapmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "snap creator framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "solidfire \\\u0026 hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "plug-in for symantec netbackup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "transport layer security",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ietf",
        "version": "1.2"
      },
      {
        "model": "data ontap edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "system setup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "snapdrive",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand shift",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "snapprotect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "host agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "chrome",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "firefox",
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "opera",
        "scope": null,
        "trust": 0.8,
        "vendor": "opera asa",
        "version": null
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "internet explorer",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "opera",
        "scope": null,
        "trust": 0.6,
        "vendor": "opera",
        "version": null
      },
      {
        "model": "tls",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ietf",
        "version": "1.2"
      },
      {
        "model": "tls",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ietf",
        "version": "1.1"
      },
      {
        "model": "tls",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ietf",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ietf:transport_layer_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:system_setup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RISE GmbH",
    "sources": [
      {
        "db": "BID",
        "id": "93071"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8960",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-8960",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-86921",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-8960",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8960",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-496",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86921",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-8960",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the \"Key Compromise Impersonation (KCI)\" issue. TLS is prone to security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. TLS (full name Transport Layer Security) protocol is a set of protocols used to provide confidentiality and data integrity between two communication applications. There are security holes in TLS protocol 1.2 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "BID",
        "id": "93071"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8960"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8960",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "93071",
        "trust": 2.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/09/20/4",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-86921",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8960",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8960"
      },
      {
        "db": "BID",
        "id": "93071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "id": "VAR-201609-0068",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86921"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:24:37.279000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Google Chrome",
        "trust": 0.8,
        "url": "https://www.google.com/intl/ja/chrome/browser/features.html"
      },
      {
        "title": "Firefox",
        "trust": 0.8,
        "url": "https://www.mozilla.org/ja/firefox/desktop/"
      },
      {
        "title": "Opera",
        "trust": 0.8,
        "url": "http://www.opera.com/ja"
      },
      {
        "title": "Safari",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/safari/"
      },
      {
        "title": "Internet Explorer",
        "trust": 0.8,
        "url": "https://support.microsoft.com/ja-jp/products/internet-explorer"
      },
      {
        "title": "TLS protocol Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64220"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://twitter.com/matthew_d_green/statuses/630908726950674433"
      },
      {
        "trust": 2.6,
        "url": "https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/93071"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20180626-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://kcitls.org"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2016/09/20/4"
      },
      {
        "trust": 1.1,
        "url": "https://kcitls.org/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8960"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8960"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2016/q3/576"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8960"
      },
      {
        "db": "BID",
        "id": "93071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8960"
      },
      {
        "db": "BID",
        "id": "93071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8960"
      },
      {
        "date": "2016-09-19T00:00:00",
        "db": "BID",
        "id": "93071"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "date": "2016-09-21T02:59:00.133000",
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86921"
      },
      {
        "date": "2018-06-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8960"
      },
      {
        "date": "2016-10-03T00:02:00",
        "db": "BID",
        "id": "93071"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      },
      {
        "date": "2023-01-30T17:33:01.257000",
        "db": "NVD",
        "id": "CVE-2015-8960"
      },
      {
        "date": "2023-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TLS In the protocol  TLS Vulnerability impersonating a server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007257"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-496"
      }
    ],
    "trust": 0.6
  }
}

VAR-201609-0360

Vulnerability from variot - Updated: 2023-12-18 12:20

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. HTTPS is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTPS (Hypertext Transfer Protocol Secure) is a secure network transport protocol that carries Hypertext Transfer Protocol (HTTP) traffic over a computer network and uses SSL/TLS to encrypt the data packets. Its main purpose is to authenticate web servers and to protect the privacy and integrity of exchanged data. There are security vulnerabilities in the HTTPS protocol.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0360",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": null
      },
      {
        "model": "opera",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opera",
        "version": null
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "*"
      },
      {
        "model": "edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "chrome",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "firefox",
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "opera",
        "scope": null,
        "trust": 0.8,
        "vendor": "opera asa",
        "version": null
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "edge",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "internet explorer",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "https",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rfc",
        "version": "28180"
      },
      {
        "model": "opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "0"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0"
      },
      {
        "model": "windows internet explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "model": "edge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92769"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opera:opera:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mathy Vanhoef and Tom Van Goethem",
    "sources": [
      {
        "db": "BID",
        "id": "92769"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-7152",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-7152",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-95972",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-7152",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-7152",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-069",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95972",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack. HTTPS is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTPS (Hypertext Transfer Protocol Secure) is a secure network transmission protocol that communicates via the Hypertext Transfer Protocol (HTTP) on a computer network and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS is to authenticate web servers and to protect the privacy and integrity of exchanged data. A security vulnerability exists in the HTTPS protocol.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "db": "BID",
        "id": "92769"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95972"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7152",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92769",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1036744",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036745",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036741",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036742",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036743",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036746",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95972",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95972"
      },
      {
        "db": "BID",
        "id": "92769"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ]
  },
  "id": "VAR-201609-0360",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95972"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:20:21.704000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
      },
      {
        "trust": 2.5,
        "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/92769"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036741"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036742"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036743"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036744"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036745"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036746"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7152"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc2818"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7152"
      },
      {
        "trust": 0.6,
        "url": "https://www.blackhat.com/docs/us-16/materials/us-16-vangoethem-heist-http-encrypted-information-can-be-stolen-through-tcp-windows-wp.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://httpwg.org/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95972"
      },
      {
        "db": "BID",
        "id": "92769"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95972"
      },
      {
        "db": "BID",
        "id": "92769"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95972"
      },
      {
        "date": "2016-09-06T00:00:00",
        "db": "BID",
        "id": "92769"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "date": "2016-09-06T10:59:00.133000",
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95972"
      },
      {
        "date": "2016-09-07T19:00:00",
        "db": "BID",
        "id": "92769"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      },
      {
        "date": "2017-02-19T06:22:11.950000",
        "db": "NVD",
        "id": "CVE-2016-7152"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HTTPS Vulnerability in obtaining plaintext data in the protocol",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004534"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-069"
      }
    ],
    "trust": 0.6
  }
}

VAR-201609-0361

Vulnerability from variot - Updated: 2023-12-18 12:20

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. Exposure therefore depends on whether the browser sends third-party cookies. HTTP/2 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol) is the most widely used network protocol on the Internet. HTTP was designed to provide a way to publish and receive HTML pages, and resources requested through HTTP are identified by Uniform Resource Identifiers (URIs). HTTP/2 is one version of that protocol. A security vulnerability exists in the HTTP/2 protocol.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0361",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firefox",
        "scope": null,
        "trust": 1.4,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": null
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "*"
      },
      {
        "model": "browser",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opera",
        "version": null
      },
      {
        "model": "edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "chrome",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "opera",
        "scope": null,
        "trust": 0.8,
        "vendor": "opera asa",
        "version": null
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "edge",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "internet explorer",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "http/2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rfc",
        "version": "75400"
      },
      {
        "model": "opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "0"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0"
      },
      {
        "model": "windows internet explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "model": "edge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mathy Vanhoef and Tom Van Goethem",
    "sources": [
      {
        "db": "BID",
        "id": "92773"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-7153",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-7153",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-95973",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-7153",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-7153",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-070",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95973",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95973"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack. HTTP/2 is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. The purpose of designing HTTP is to provide a way to publish and receive HTML pages, and resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URI). HTTP/2 is one version of that. There are security holes in the HTTP/2 protocol",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "db": "BID",
        "id": "92773"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95973"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7153",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92773",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1036744",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036745",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036741",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036742",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036743",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036746",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95973",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95973"
      },
      {
        "db": "BID",
        "id": "92773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ]
  },
  "id": "VAR-201609-0361",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95973"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:20:21.734000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95973"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
      },
      {
        "trust": 2.5,
        "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/92773"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036741"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036742"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036743"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036744"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036745"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036746"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7153"
      },
      {
        "trust": 0.8,
        "url": "http://http2.info/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7153"
      },
      {
        "trust": 0.6,
        "url": "https://www.blackhat.com/docs/us-16/materials/us-16-vangoethem-heist-http-encrypted-information-can-be-stolen-through-tcp-windows-wp.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://httpwg.org/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95973"
      },
      {
        "db": "BID",
        "id": "92773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95973"
      },
      {
        "db": "BID",
        "id": "92773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95973"
      },
      {
        "date": "2016-09-06T00:00:00",
        "db": "BID",
        "id": "92773"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "date": "2016-09-06T10:59:01.493000",
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95973"
      },
      {
        "date": "2016-09-07T19:00:00",
        "db": "BID",
        "id": "92773"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      },
      {
        "date": "2017-02-19T06:22:12.027000",
        "db": "NVD",
        "id": "CVE-2016-7153"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HTTP/2 Vulnerability in obtaining plaintext data in the protocol",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004535"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-070"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2020-6159

Vulnerability from fkie_nvd - Published: 2020-12-23 16:15 - Updated: 2024-11-21 05:35
Summary
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
Impacted products
Vendor Product Version
opera opera *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "CA95102F-64EF-48D0-BD23-F21D6F69F47D",
              "versionEndExcluding": "61.0.3076.56532",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."
    },
    {
      "lang": "es",
      "value": "Las URL que usan \"javascript:\" tienen el protocolo removido cuando se pegaban en la barra de direcciones para proteger a usuarios de ataques de tipo cross-site scripting (XSS), pero en determinadas circunstancias esta eliminaci\u00f3n no fue llevada a cabo.\u0026#xa0;Esto podr\u00eda permitir a usuarios hacer ingenier\u00eda social para ejecutar un ataque de tipo XSS contra ellos mismos.\u0026#xa0;Esta vulnerabilidad afecta a las versiones de Opera para Android para versiones por debajo de 61.0.3076.56532"
    }
  ],
  "id": "CVE-2020-6159",
  "lastModified": "2024-11-21T05:35:13.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-23T16:15:13.093",
  "references": [
    {
      "source": "security@opera.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
    }
  ],
  "sourceIdentifier": "security@opera.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@opera.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-12278

Vulnerability from fkie_nvd - Published: 2020-03-12 22:15 - Updated: 2024-11-21 04:22
Summary
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.
Impacted products
Vendor Product Version
opera opera 52.1.2517.139570

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:52.1.2517.139570:*:*:*:*:android:*:*",
              "matchCriteriaId": "161BBBB1-D6C6-44C8-8C5E-BDEC5BD12538",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the \"first strong character\" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL."
    },
    {
      "lang": "es",
      "value": "Opera versiones hasta 53 en Android, permite una Suplantaci\u00f3n de la Barra de Direcciones. Los caracteres de varios idiomas son desplegados en orden de derecha a izquierda, debido al manejo inapropiado de varios caracteres Unicode. El mecanismo de renderizaci\u00f3n, en conjunto con el concepto de \"first strong character\" puede operar inapropiadamente en una direcci\u00f3n IP num\u00e9rica o una cadena alfab\u00e9tica, conllevando a una URL suplantada."
    }
  ],
  "id": "CVE-2019-12278",
  "lastModified": "2024-11-21T04:22:33.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-12T22:15:14.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://help.opera.com/en/latest/security-and-privacy/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://help.opera.com/en/latest/security-and-privacy/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-19788

Vulnerability from fkie_nvd - Published: 2019-12-18 22:15 - Updated: 2024-11-21 04:35
Summary
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.
Impacted products
Vendor Product Version
opera opera *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "7E01E634-882C-4D4C-A906-3052EC09A396",
              "versionEndExcluding": "54.0.2669.49432",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."
    },
    {
      "lang": "es",
      "value": "Opera para Android versiones anteriores a 54.0.2669.49432, es vulnerable a un ataque de omisi\u00f3n de iframe de origen cruzado dentro del sandbox. Al utilizar un servicio que funciona dentro de un iframe del sandbox, es posible omitir los atributos normales del sandbox. Esto permite a un atacante realizar redireccionamientos forzados sin ninguna interacci\u00f3n del usuario desde un contexto de terceros."
    }
  ],
  "id": "CVE-2019-19788",
  "lastModified": "2024-11-21T04:35:23.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T22:15:13.677",
  "references": [
    {
      "source": "security@opera.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
    }
  ],
  "sourceIdentifier": "security@opera.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-7152

Vulnerability from fkie_nvd - Published: 2016-09-06 10:59 - Updated: 2025-04-12 10:46
Summary
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E2045F5-B973-49F1-8FFD-778BADCEC00F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."
    },
    {
      "lang": "es",
      "value": "El protocolo HTTPS no considera el rol de la ventana de congesti\u00f3n TCP cuando da informaci\u00f3n sobre longitud del contenido, lo que facilita a atacantes remotos obtener datos en texto plano aprovechando una configuraci\u00f3n de navegador web donde son enviadas cookies de terceros, tambi\u00e9n conocido como ataque \"HEIST\"."
    }
  ],
  "id": "CVE-2016-7152",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-06T10:59:00.133",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description"
      ],
      "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/92769"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036741"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036743"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036744"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036745"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036746"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description"
      ],
      "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-5227

Vulnerability from fkie_nvd - Published: 2012-09-07 10:32 - Updated: 2025-04-11 00:51
Severity ?
Summary
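Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information. The record's weakness field carries only the generic NVD-CWE-Other value, while its evaluator comment identifies the class as CWE-426 (Untrusted Search Path), so a filter keyed on the CWE field alone will not find this entry under CWE-426.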
Impacted products
Vendor Product Version
opera opera *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF6DE06-AB83-422B-8CB5-E688603DE6B7",
              "versionEndIncluding": "10.61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Opera anterior a v10.62 permite a usuarios locales obtener privilegios a trav\u00e9s de un archivo dwmapi.dll caballo de troya en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo .htm, .mht, .mhtml, .xht, .xhtm o .xhtl. NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \u0027CWE-426 Untrusted Search Path\u0027",
  "id": "CVE-2010-5227",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-07T10:32:18.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41083"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14732"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.opera.com/docs/changelogs/windows/1062/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.opera.com/support/kb/view/970/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.opera.com/docs/changelogs/windows/1062/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.opera.com/support/kb/view/970/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-2068

Vulnerability from fkie_nvd - Published: 2009-06-15 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
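Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Note that this description names Google Chrome, whereas the impacted-products list and CPE configuration shown for this entry contain only Opera versions (up to 9.23); check the upstream CVE record before relying on either for asset matching.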
Impacted products
Vendor Product Version
opera opera 5..10
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.1
opera opera 5.02
opera opera 5.2
opera opera 5.3
opera opera 5.4
opera opera 5.5
opera opera 5.6
opera opera 5.7
opera opera 5.8
opera opera 5.9
opera opera 5.10
opera opera 5.11
opera opera 5.12
opera opera 6
opera opera 6.0
opera opera 6.0
opera opera 6.0
opera opera 6.0
opera opera 6.1
opera opera 6.01
opera opera 6.02
opera opera 6.03
opera opera 6.04
opera opera 6.05
opera opera 6.06
opera opera 6.11
opera opera 6.12
opera opera 7
opera opera 7.0
opera opera 7.0
opera opera 7.0
opera opera 7.0
opera opera 7.01
opera opera 7.02
opera opera 7.03
opera opera 7.10
opera opera 7.11
opera opera 7.20
opera opera 7.20
opera opera 7.21
opera opera 7.22
opera opera 7.23
opera opera 7.30
opera opera 7.50
opera opera 7.50
opera opera 7.51
opera opera 7.52
opera opera 7.54
opera opera 7.54
opera opera 7.55
opera opera 8.0
opera opera 8.0
opera opera 8.0
opera opera 8.01
opera opera 8.02
opera opera 8.51
opera opera 8.52
opera opera 8.53
opera opera 8.54
opera opera 9.0
opera opera 9.01
opera opera 9.02
opera opera 9.10
opera opera 9.20
opera opera 9.21
opera opera 9.23

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:5..10:*:*:*:*:*:*:*",
              "matchCriteriaId": "40073FD8-6E5A-4770-837A-CAF0C8FD2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F071C3F7-A3C4-475D-8843-B52F2DB7C56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "1CBC39B3-4106-4B28-8AFB-4F4B5B5119D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_3:*:*:*:*:*:*",
              "matchCriteriaId": "763CEF7F-AAB2-4C16-BDC2-E5F864111592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_4:*:*:*:*:*:*",
              "matchCriteriaId": "B66F0EC7-452C-4847-B028-5086FE657440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_5:*:*:*:*:*:*",
              "matchCriteriaId": "5F966486-485B-4B0D-9BE1-F1D39CB08863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_6:*:*:*:*:*:*",
              "matchCriteriaId": "A32E4272-6CEF-4C1C-BDA2-96863E8301DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_7:*:*:*:*:*:*",
              "matchCriteriaId": "47B21D05-A906-44B5-AEDA-73D383B905E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_8:*:*:*:*:*:*",
              "matchCriteriaId": "E0BA115B-C42E-4794-90BC-778B0C85CE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00ED2069-849A-4E62-88B3-323A8682F573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0F2643-923D-4072-B5A4-6321066C3AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5830888-AE31-4C80-A923-EA83B4464859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45E22AA-46A6-42F3-9E5B-95958163EF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "655604B2-773D-4F94-951B-6E17E123EFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E856FB7-7315-4ABF-A835-0BEF9BA10DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE22CFC5-1607-4FF1-8681-24AE2C167C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF854C3-7C1A-4B0D-B27D-10B52B9C41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C27A748-0792-499F-A3A1-3C9528A5AD0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E606F772-09E2-40F1-84C1-1A5B2BBD2FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4500A623-BD2C-461A-B862-2C51BD25BE71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E77793-94BC-47D8-B2D1-D3B020DEF93C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0EC8D15-02D5-4988-85FD-50B1ABCC7B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "BC32B83A-4E91-4D1D-8051-35F339E61A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF315DF-C0C9-468C-8C7E-C4547AF431FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "63114EE0-54F7-4418-9B9E-C37BB2869F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "CF5C9CB9-6396-415D-AC64-312F47A76177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:beta_3:*:*:*:*:*:*",
              "matchCriteriaId": "C8F3056A-14B5-411F-8FE8-80AF5605001D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF6B223-8575-40C7-9EDA-BDDCF6ABDBAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5159296-AD9C-4199-B5DF-539EE61D45A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE952E7C-EBDC-4652-95C3-C308BBEF1FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE616514-882C-4ED2-BB0C-1248B8316ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "00A6FD59-C258-4A49-81C9-F6E58FB30117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADA8A93-4DF4-4C95-860E-65CA46B12DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9EF0387-AEFC-40BC-A7C8-28F175844CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B176A-1200-4E75-BFC0-AA5F87E2AA88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "911B0336-02CE-426C-ABFF-8CFD3BC146CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "26FC4ABB-EDA9-426D-ADC9-E7DABEB8A64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5435A52-0F9D-41AC-9FF9-93A512D0103C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "790C5B0D-9A06-4C0C-BBBF-9B4C17857213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:beta_1v2:*:*:*:*:*:*",
              "matchCriteriaId": "620666CE-AABB-4A36-9566-425F2C810F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BD72F9AF-EFD5-408B-9FC3-6341F92B39B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2590789F-F333-4AD0-82B4-D6D9B9E0F5AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "355242B3-33ED-4B65-8373-3CDC6C556B4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A685E97D-3B0F-4C69-8124-F3AB26905124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FDEC39-7B53-4AD9-9EDF-D95860264345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7F056E-BB13-4453-8065-C18E6171AC0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "0221A7DE-9F8F-46A4-B609-1F10D2606370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.20:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "A3089B27-E279-46B8-91C3-2040DBEBC281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7433778F-DE4F-48A7-8AF7-8DBD17DC4C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "02178B82-3805-4B7C-B341-4F4E280B4DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA8888D-6CC5-4ED8-9907-0B9709F2980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "431AE65C-5A7A-48D3-8A73-EC20CC86CB5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A860F7C-F2FF-40A9-88DA-35766836A8F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.50:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "47871B2C-F6DA-4C92-BA15-90BA8FE3F979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E2EA7B-19D5-4A6A-88BE-BEEEAA792536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E50D780-F507-49BC-8C34-477C6A7C3741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BA7025B-BBB5-43BC-AB6E-E41E56430AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.54:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "5E33873C-DFD6-4450-8A9A-31CF2437E5FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC4A969-1099-4F99-AA39-0BDB7654044C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00336594-FE61-4815-B52F-90BE545E9428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "262ADE2E-4E91-4BA3-AAAD-A1B3A18EAAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "587EBDA2-C0F1-469B-A9A9-68634CF058A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCE749D-8553-4365-A8C5-A6C9037FEAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F2F078-9620-4ED1-BA42-44C167DEF2A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A006AB3D-3228-4980-A45C-F331E8236867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "625DF977-9C3A-4904-BF77-DE1CE7C9AA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C0B1FD-140F-43BF-963F-55C6929DE68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "244D2B12-5C3A-4007-B93C-0194417C00A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C64664-5B10-48E4-A457-56DBC8EB30D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AD3AC7-F403-4A80-B56B-D32DF61A708A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADC950D-2542-43B3-BC71-FFE3AD76E29B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "62EFDBC5-7ADB-4F66-8F0A-B234FC9C9B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B57ECE1A-72DE-4E9C-B762-2935A964277F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C204EE-8435-4CCA-B08C-60E702441AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "B766176F-E80A-433A-AC30-1A1265FCDE53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
    },
    {
      "lang": "es",
      "value": "Google Chrome detecta contenido http en p\u00e1ginas https \u00fanicamente cuando el marco (frame) de nivel superior usa https, lo que permite a atacantes \"hombre-en-medio\" (man-in-the-middle o MITM) ejecutar secuencias de comandos web de su elecci\u00f3n, en un contexto de sitio https, modificando una p\u00e1gina http para incluir un iframe https que referencia al archivo en un sitio http con la secuencia de comandos. Relacionado con \"P\u00e1ginas HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
    }
  ],
  "id": "CVE-2009-2068",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-15T19:30:05.670",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-5679

Vulnerability from fkie_nvd - Published: 2008-12-19 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
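The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. Of the two wildcard (*) product entries listed below, only one carries the version bound (up to and including 9.62); the other has no bound, so plain CPE matching against it flags every Opera version, including 9.63 and later, which this summary places outside the affected range.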
Impacted products
Vendor Product Version
opera opera *
opera opera *
opera opera 5..10
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.0
opera opera 5.1
opera opera 5.02
opera opera 5.2
opera opera 5.3
opera opera 5.4
opera opera 5.5
opera opera 5.6
opera opera 5.7
opera opera 5.8
opera opera 5.9
opera opera 5.10
opera opera 5.11
opera opera 5.12
opera opera 6
opera opera 6.0
opera opera 6.0
opera opera 6.0
opera opera 6.0
opera opera 6.1
opera opera 6.01
opera opera 6.02
opera opera 6.03
opera opera 6.04
opera opera 6.05
opera opera 6.06
opera opera 6.11
opera opera 6.12
opera opera 7
opera opera 7
opera opera 7.0
opera opera 7.0
opera opera 7.0
opera opera 7.0
opera opera 7.01
opera opera 7.02
opera opera 7.03
opera opera 7.10
opera opera 7.11
opera opera 7.20
opera opera 7.20
opera opera 7.21
opera opera 7.22
opera opera 7.23
opera opera 7.50
opera opera 7.50
opera opera 7.51
opera opera 7.52
opera opera 7.53
opera opera 7.54
opera opera 7.54
opera opera 7.54
opera opera 8.0
opera opera 8.0
opera opera 8.0
opera opera 8.0
opera opera 8.01
opera opera 8.02
opera opera 8.50
opera opera 8.51
opera opera 8.52
opera opera 8.53
opera opera 8.54
opera opera 9.0
opera opera 9.0
opera opera 9.0
opera opera 9.01
opera opera 9.02
opera opera 9.6
opera opera 9.10
opera opera 9.20
opera opera 9.20
opera opera 9.21
opera opera 9.22
opera opera 9.23
opera opera 9.24
opera opera 9.25
opera opera 9.26
opera opera 9.27
opera opera 9.50
opera opera 9.50
opera opera 9.50
opera opera 9.51
opera opera 9.52
opera opera 9.60
opera opera 9.60
opera opera 9.61

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55AA4C5-7075-4336-AFC0-F8981054F8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "470B01C5-EB35-4105-86EA-81D7FD51D1C2",
              "versionEndIncluding": "9.62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5..10:*:*:*:*:*:*:*",
              "matchCriteriaId": "40073FD8-6E5A-4770-837A-CAF0C8FD2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F071C3F7-A3C4-475D-8843-B52F2DB7C56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "1CBC39B3-4106-4B28-8AFB-4F4B5B5119D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_3:*:*:*:*:*:*",
              "matchCriteriaId": "763CEF7F-AAB2-4C16-BDC2-E5F864111592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_4:*:*:*:*:*:*",
              "matchCriteriaId": "B66F0EC7-452C-4847-B028-5086FE657440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_5:*:*:*:*:*:*",
              "matchCriteriaId": "5F966486-485B-4B0D-9BE1-F1D39CB08863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_6:*:*:*:*:*:*",
              "matchCriteriaId": "A32E4272-6CEF-4C1C-BDA2-96863E8301DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_7:*:*:*:*:*:*",
              "matchCriteriaId": "47B21D05-A906-44B5-AEDA-73D383B905E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.0:beta_8:*:*:*:*:*:*",
              "matchCriteriaId": "E0BA115B-C42E-4794-90BC-778B0C85CE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00ED2069-849A-4E62-88B3-323A8682F573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0F2643-923D-4072-B5A4-6321066C3AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5830888-AE31-4C80-A923-EA83B4464859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45E22AA-46A6-42F3-9E5B-95958163EF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "655604B2-773D-4F94-951B-6E17E123EFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E856FB7-7315-4ABF-A835-0BEF9BA10DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE22CFC5-1607-4FF1-8681-24AE2C167C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF854C3-7C1A-4B0D-B27D-10B52B9C41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C27A748-0792-499F-A3A1-3C9528A5AD0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E606F772-09E2-40F1-84C1-1A5B2BBD2FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4500A623-BD2C-461A-B862-2C51BD25BE71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E77793-94BC-47D8-B2D1-D3B020DEF93C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0EC8D15-02D5-4988-85FD-50B1ABCC7B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "BC32B83A-4E91-4D1D-8051-35F339E61A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF315DF-C0C9-468C-8C7E-C4547AF431FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "63114EE0-54F7-4418-9B9E-C37BB2869F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "CF5C9CB9-6396-415D-AC64-312F47A76177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.0:beta_3:*:*:*:*:*:*",
              "matchCriteriaId": "C8F3056A-14B5-411F-8FE8-80AF5605001D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF6B223-8575-40C7-9EDA-BDDCF6ABDBAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5159296-AD9C-4199-B5DF-539EE61D45A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE952E7C-EBDC-4652-95C3-C308BBEF1FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE616514-882C-4ED2-BB0C-1248B8316ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "00A6FD59-C258-4A49-81C9-F6E58FB30117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADA8A93-4DF4-4C95-860E-65CA46B12DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9EF0387-AEFC-40BC-A7C8-28F175844CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B176A-1200-4E75-BFC0-AA5F87E2AA88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "911B0336-02CE-426C-ABFF-8CFD3BC146CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "26FC4ABB-EDA9-426D-ADC9-E7DABEB8A64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7:beta_1.2:*:*:*:*:*:*",
              "matchCriteriaId": "DB0E448B-8A9C-44BF-AE29-D05900F6FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5435A52-0F9D-41AC-9FF9-93A512D0103C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "790C5B0D-9A06-4C0C-BBBF-9B4C17857213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:beta_1v2:*:*:*:*:*:*",
              "matchCriteriaId": "620666CE-AABB-4A36-9566-425F2C810F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BD72F9AF-EFD5-408B-9FC3-6341F92B39B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2590789F-F333-4AD0-82B4-D6D9B9E0F5AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "355242B3-33ED-4B65-8373-3CDC6C556B4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A685E97D-3B0F-4C69-8124-F3AB26905124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FDEC39-7B53-4AD9-9EDF-D95860264345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7F056E-BB13-4453-8065-C18E6171AC0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "0221A7DE-9F8F-46A4-B609-1F10D2606370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.20:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "A3089B27-E279-46B8-91C3-2040DBEBC281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7433778F-DE4F-48A7-8AF7-8DBD17DC4C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "02178B82-3805-4B7C-B341-4F4E280B4DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA8888D-6CC5-4ED8-9907-0B9709F2980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A860F7C-F2FF-40A9-88DA-35766836A8F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.50:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "47871B2C-F6DA-4C92-BA15-90BA8FE3F979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E2EA7B-19D5-4A6A-88BE-BEEEAA792536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E50D780-F507-49BC-8C34-477C6A7C3741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "476868D1-E4EA-4F9A-8282-0CE5BB574362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BA7025B-BBB5-43BC-AB6E-E41E56430AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.54:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "5E33873C-DFD6-4450-8A9A-31CF2437E5FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:7.54:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "D4D545A5-A8D9-4678-BB58-248B999AF4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00336594-FE61-4815-B52F-90BE545E9428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "262ADE2E-4E91-4BA3-AAAD-A1B3A18EAAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "587EBDA2-C0F1-469B-A9A9-68634CF058A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.0:beta_3:*:*:*:*:*:*",
              "matchCriteriaId": "3EBC3851-2A2E-41E9-A6D0-D41334BF7C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCE749D-8553-4365-A8C5-A6C9037FEAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F2F078-9620-4ED1-BA42-44C167DEF2A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B61DF6-755B-44D1-88C2-F3EF33BD6183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A006AB3D-3228-4980-A45C-F331E8236867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "625DF977-9C3A-4904-BF77-DE1CE7C9AA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C0B1FD-140F-43BF-963F-55C6929DE68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:8.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "244D2B12-5C3A-4007-B93C-0194417C00A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDD65A0-57AA-4374-AF0D-EBE7B6F4A3CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C64664-5B10-48E4-A457-56DBC8EB30D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "9EC34889-5A1F-4763-995E-67EE06EFB817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AD3AC7-F403-4A80-B56B-D32DF61A708A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADC950D-2542-43B3-BC71-FFE3AD76E29B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC3478B-E45C-415C-B3D8-D9937BB3D98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "62EFDBC5-7ADB-4F66-8F0A-B234FC9C9B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B57ECE1A-72DE-4E9C-B762-2935A964277F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.20:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "83D2E44B-7DD4-4C41-BCCB-4B6F1D7DE171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C204EE-8435-4CCA-B08C-60E702441AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "64166ABD-39BA-482C-BCA5-44468105E8BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "B766176F-E80A-433A-AC30-1A1265FCDE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CC06019-8CF0-4F01-8A63-853FB3F60185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E09E20-40D5-4166-B870-5954339E176D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E751386F-0179-4BE7-9F46-66455EAFB1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7D9843-8967-4E36-9609-4497EECB2842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F85686-88F9-412C-9105-F94D4D4D61FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.50:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "1646DDF9-C217-4EF6-83D0-8F0CB2A16E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.50:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "29DDD7BF-9265-4202-93C1-98FAEC336190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "089A088C-6DAE-4335-AD14-DACE64641A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8DBBA4-B5A1-41FC-9E09-7D2397383C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77201A9-5FAA-47F6-8C1A-6B55C5A2B3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.60:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "C5F81D1F-EB31-4B3C-BD2F-27242BC976EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera:9.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD18939-757A-4ED5-81EB-5D83FD305A0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption."
    },
    {
      "lang": "es",
      "value": "El motor de an\u00e1lisis HTML en versiones de Opera anteriores a la 9.63 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de p\u00e1ginas web convenientemente modificadas ocasionando un calculo de puntero inv\u00e1lido y la corrupci\u00f3n del mont\u00edculo (heap)."
    }
  ],
  "id": "CVE-2008-5679",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-19T16:30:00.203",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34294"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4791"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.opera.com/docs/changelogs/linux/963/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.opera.com/support/kb/view/921/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.opera.com/docs/changelogs/linux/963/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.opera.com/support/kb/view/921/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-5428

Vulnerability from fkie_nvd - Published: 2008-12-11 15:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Impacted products
Vendor Product Version
opera opera 9.51
microsoft windows_xp *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:9.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "089A088C-6DAE-4335-AD14-DACE64641A5A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173."
    },
    {
      "lang": "es",
      "value": "Opera v9.51 en Windows XP no gestiona apropiadamente 1) mensajes de correo multipart/mixed con muchas partes MIME y posiblemente (2) mensajes de correo electr\u00f3nico con muchas cabeceras \"Content-type: message/rfc822;\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de pila o consumo de otros recursos) mediante un correo electr\u00f3nico de gran tama\u00f1o, un problema relacionado a CVE-2006-1173."
    }
  ],
  "id": "CVE-2008-5428",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-11T15:30:00.580",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4721"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-5178

Vulnerability from fkie_nvd - Published: 2008-11-20 15:30 - Updated: 2025-04-09 00:30
Severity: HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C)
Summary
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
Impacted products
Vendor Product Version
opera opera 9.62
microsoft windows *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opera:opera:9.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "2274B160-A577-4D40-8A89-345A858CE892",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.  NOTE: this might overlap CVE-2008-5680."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Opera v9.62 que permitir\u00eda a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de un URI file:// largo."
    }
  ],
  "id": "CVE-2008-5178",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-11-20T15:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/49882"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32752"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34294"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.opera.com/support/kb/view/922/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3183"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/49882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.opera.com/support/kb/view/922/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7135"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-6159 (GCVE-0-2020-6159)

Vulnerability from cvelistv5 – Published: 2020-12-23 15:08 – Updated: 2024-08-04 08:55
Summary
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (CWE-79)
Assigner
References
Impacted products
Vendor Product Version
n/a Opera for Android Affected: Below 61.0.3076.56532

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:21.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opera for Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Below 61.0.3076.56532"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-23T15:08:58",
        "orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
        "shortName": "Opera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@opera.com",
          "ID": "CVE-2020-6159",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opera for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Below 61.0.3076.56532"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/",
              "refsource": "MISC",
              "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
    "assignerShortName": "Opera",
    "cveId": "CVE-2020-6159",
    "datePublished": "2020-12-23T15:08:58",
    "dateReserved": "2020-01-07T00:00:00",
    "dateUpdated": "2024-08-04T08:55:21.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12278 (GCVE-0-2019-12278)

Vulnerability from cvelistv5 – Published: 2020-03-12 21:48 – Updated: 2024-08-04 23:17
Summary
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:38.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.opera.com/en/latest/security-and-privacy/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the \"first strong character\" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T21:48:40",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.opera.com/en/latest/security-and-privacy/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the \"first strong character\" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.opera.com/en/latest/security-and-privacy/",
              "refsource": "MISC",
              "url": "https://help.opera.com/en/latest/security-and-privacy/"
            },
            {
              "name": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c",
              "refsource": "MISC",
              "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12278",
    "datePublished": "2020-03-12T21:48:40",
    "dateReserved": "2019-05-22T00:00:00",
    "dateUpdated": "2024-08-04T23:17:38.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19788 (GCVE-0-2019-19788)

Vulnerability from cvelistv5 – Published: 2019-12-18 21:31 – Updated: 2024-08-05 02:25
Summary
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service worker inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.
Severity ?
No CVSS data available.
CWE
  • Bypass a restriction or similar
Assigner
References
Impacted products
Vendor Product Version
Opera Software AS Opera for Android Affected: Below 54.0.2669.49432

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opera for Android",
          "vendor": "Opera Software AS",
          "versions": [
            {
              "status": "affected",
              "version": "Below 54.0.2669.49432"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass a restriction or similar",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T21:31:10",
        "orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
        "shortName": "Opera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@opera.com",
          "ID": "CVE-2019-19788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opera for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Below 54.0.2669.49432"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Opera Software AS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass a restriction or similar"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/",
              "refsource": "MISC",
              "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
    "assignerShortName": "Opera",
    "cveId": "CVE-2019-19788",
    "datePublished": "2019-12-18T21:31:10",
    "dateReserved": "2019-12-13T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7152 (GCVE-0-2016-7152)

Vulnerability from cvelistv5 – Published: 2016-09-06 10:00 – Updated: 2024-08-06 01:50
Summary
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036741",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036741"
          },
          {
            "name": "1036742",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036742"
          },
          {
            "name": "92769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92769"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
          },
          {
            "name": "1036745",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036745"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
          },
          {
            "name": "1036744",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036744"
          },
          {
            "name": "1036743",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036743"
          },
          {
            "name": "1036746",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036746"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036741",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036741"
        },
        {
          "name": "1036742",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036742"
        },
        {
          "name": "92769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92769"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
        },
        {
          "name": "1036745",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036745"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
        },
        {
          "name": "1036744",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036744"
        },
        {
          "name": "1036743",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036743"
        },
        {
          "name": "1036746",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036746"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036741",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036741"
            },
            {
              "name": "1036742",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036742"
            },
            {
              "name": "92769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92769"
            },
            {
              "name": "https://tom.vg/papers/heist_blackhat2016.pdf",
              "refsource": "MISC",
              "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
            },
            {
              "name": "1036745",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036745"
            },
            {
              "name": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/",
              "refsource": "MISC",
              "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
            },
            {
              "name": "1036744",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036744"
            },
            {
              "name": "1036743",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036743"
            },
            {
              "name": "1036746",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036746"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7152",
    "datePublished": "2016-09-06T10:00:00",
    "dateReserved": "2016-09-06T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-5227 (GCVE-0-2010-5227)

Vulnerability from cvelistv5 – Published: 2012-09-07 10:00 – Updated: 2024-09-17 02:27
Summary
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/41083 third-party-advisory x_refsource_SECUNIA
http://www.opera.com/docs/changelogs/windows/1062/ x_refsource_CONFIRM
http://www.opera.com/support/kb/view/970/ x_refsource_CONFIRM
http://www.exploit-db.com/exploits/14732 exploit x_refsource_EXPLOIT-DB

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:09.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "41083",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41083"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/windows/1062/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/kb/view/970/"
          },
          {
            "name": "14732",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14732"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-07T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "41083",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41083"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/windows/1062/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/kb/view/970/"
        },
        {
          "name": "14732",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14732"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-5227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41083",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41083"
            },
            {
              "name": "http://www.opera.com/docs/changelogs/windows/1062/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/docs/changelogs/windows/1062/"
            },
            {
              "name": "http://www.opera.com/support/kb/view/970/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/support/kb/view/970/"
            },
            {
              "name": "14732",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14732"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-5227",
    "datePublished": "2012-09-07T10:00:00Z",
    "dateReserved": "2012-09-07T00:00:00Z",
    "dateUpdated": "2024-09-17T02:27:53.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2068 (GCVE-0-2009-2068)

Vulnerability from cvelistv5 – Published: 2009-06-15 19:00 – Updated: 2024-08-07 05:36
Summary
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:36:20.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
          },
          {
            "name": "googlechrome-https-security-bypass(51192)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
        },
        {
          "name": "googlechrome-https-security-bypass(51192)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
              "refsource": "MISC",
              "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
            },
            {
              "name": "googlechrome-https-security-bypass(51192)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
            },
            {
              "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
              "refsource": "MISC",
              "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2068",
    "datePublished": "2009-06-15T19:00:00",
    "dateReserved": "2009-06-15T00:00:00",
    "dateUpdated": "2024-08-07T05:36:20.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5679 (GCVE-0-2008-5679)

Vulnerability from cvelistv5 – Published: 2008-12-19 16:09 – Updated: 2024-08-07 11:04
Summary
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/499315/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.opera.com/docs/changelogs/linux/963/ x_refsource_CONFIRM
http://securityreason.com/securityalert/4791 third-party-advisory, x_refsource_SREASON
http://www.securitytracker.com/id?1021460 vdb-entry, x_refsource_SECTRACK
http://www.opera.com/support/kb/view/921/ x_refsource_CONFIRM
http://secunia.com/advisories/34294 third-party-advisory, x_refsource_SECUNIA
http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php x_refsource_MISC
http://security.gentoo.org/glsa/glsa-200903-30.xml vendor-advisory, x_refsource_GENTOO

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/linux/963/"
          },
          {
            "name": "4791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4791"
          },
          {
            "name": "1021460",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/kb/view/921/"
          },
          {
            "name": "34294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
          },
          {
            "name": "GLSA-200903-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/linux/963/"
        },
        {
          "name": "4791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4791"
        },
        {
          "name": "1021460",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/kb/view/921/"
        },
        {
          "name": "34294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
        },
        {
          "name": "GLSA-200903-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
            },
            {
              "name": "http://www.opera.com/docs/changelogs/linux/963/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/docs/changelogs/linux/963/"
            },
            {
              "name": "4791",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4791"
            },
            {
              "name": "1021460",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021460"
            },
            {
              "name": "http://www.opera.com/support/kb/view/921/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/support/kb/view/921/"
            },
            {
              "name": "34294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34294"
            },
            {
              "name": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php",
              "refsource": "MISC",
              "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
            },
            {
              "name": "GLSA-200903-30",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5679",
    "datePublished": "2008-12-19T16:09:00",
    "dateReserved": "2008-12-19T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5428 (GCVE-0-2008-5428)

Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:45.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
          },
          {
            "name": "4721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4721"
          },
          {
            "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
          },
          {
            "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
        },
        {
          "name": "4721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4721"
        },
        {
          "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
        },
        {
          "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5428",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
              "refsource": "MISC",
              "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
            },
            {
              "name": "4721",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4721"
            },
            {
              "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
            },
            {
              "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5428",
    "datePublished": "2008-12-11T15:00:00",
    "dateReserved": "2008-12-11T00:00:00",
    "dateUpdated": "2024-08-07T10:56:45.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5178 (GCVE-0-2008-5178)

Vulnerability from cvelistv5 – Published: 2008-11-20 15:00 – Updated: 2024-08-07 10:40
Summary
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/32323 vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/3183 vdb-entry, x_refsource_VUPEN
http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/32752 third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/7135 exploit, x_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/46653 vdb-entry, x_refsource_XF
http://secunia.com/advisories/34294 third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/49882 vdb-entry, x_refsource_OSVDB
http://security.gentoo.org/glsa/glsa-200903-30.xml vendor-advisory, x_refsource_GENTOO
http://www.opera.com/support/kb/view/922/ x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:17.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32323"
          },
          {
            "name": "ADV-2008-3183",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3183"
          },
          {
            "name": "20081117 Opera 9.6x file:// overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
          },
          {
            "name": "32752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32752"
          },
          {
            "name": "7135",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7135"
          },
          {
            "name": "opera-filehandler-bo(46653)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
          },
          {
            "name": "34294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34294"
          },
          {
            "name": "49882",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/49882"
          },
          {
            "name": "GLSA-200903-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/kb/view/922/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.  NOTE: this might overlap CVE-2008-5680."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32323"
        },
        {
          "name": "ADV-2008-3183",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3183"
        },
        {
          "name": "20081117 Opera 9.6x file:// overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
        },
        {
          "name": "32752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32752"
        },
        {
          "name": "7135",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7135"
        },
        {
          "name": "opera-filehandler-bo(46653)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
        },
        {
          "name": "34294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34294"
        },
        {
          "name": "49882",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/49882"
        },
        {
          "name": "GLSA-200903-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/kb/view/922/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.  NOTE: this might overlap CVE-2008-5680."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32323",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32323"
            },
            {
              "name": "ADV-2008-3183",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3183"
            },
            {
              "name": "20081117 Opera 9.6x file:// overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
            },
            {
              "name": "32752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32752"
            },
            {
              "name": "7135",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7135"
            },
            {
              "name": "opera-filehandler-bo(46653)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
            },
            {
              "name": "34294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34294"
            },
            {
              "name": "49882",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/49882"
            },
            {
              "name": "GLSA-200903-30",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
            },
            {
              "name": "http://www.opera.com/support/kb/view/922/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/support/kb/view/922/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5178",
    "datePublished": "2008-11-20T15:00:00",
    "dateReserved": "2008-11-20T00:00:00",
    "dateUpdated": "2024-08-07T10:40:17.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6159 (GCVE-0-2020-6159)

Vulnerability from nvd – Published: 2020-12-23 15:08 – Updated: 2024-08-04 08:55
Summary
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (CWE-79)
Assigner
References
Impacted products
Vendor | Product | Version
n/a | Opera for Android | Affected: Below 61.0.3076.56532

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:21.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opera for Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Below 61.0.3076.56532"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-23T15:08:58",
        "orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
        "shortName": "Opera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@opera.com",
          "ID": "CVE-2020-6159",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opera for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Below 61.0.3076.56532"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/",
              "refsource": "MISC",
              "url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
    "assignerShortName": "Opera",
    "cveId": "CVE-2020-6159",
    "datePublished": "2020-12-23T15:08:58",
    "dateReserved": "2020-01-07T00:00:00",
    "dateUpdated": "2024-08-04T08:55:21.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12278 (GCVE-0-2019-12278)

Vulnerability from nvd – Published: 2020-03-12 21:48 – Updated: 2024-08-04 23:17
Summary
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:38.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.opera.com/en/latest/security-and-privacy/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the \"first strong character\" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T21:48:40",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.opera.com/en/latest/security-and-privacy/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the \"first strong character\" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.opera.com/en/latest/security-and-privacy/",
              "refsource": "MISC",
              "url": "https://help.opera.com/en/latest/security-and-privacy/"
            },
            {
              "name": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c",
              "refsource": "MISC",
              "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12278",
    "datePublished": "2020-03-12T21:48:40",
    "dateReserved": "2019-05-22T00:00:00",
    "dateUpdated": "2024-08-04T23:17:38.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19788 (GCVE-0-2019-19788)

Vulnerability from nvd – Published: 2019-12-18 21:31 – Updated: 2024-08-05 02:25
Summary
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.
Severity ?
No CVSS data available.
CWE
  • Bypass a restriction or similar
Assigner
References
Impacted products
| Vendor | Product | Version |
| --- | --- | --- |
| Opera Software AS | Opera for Android | Affected: Below 54.0.2669.49432 |

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opera for Android",
          "vendor": "Opera Software AS",
          "versions": [
            {
              "status": "affected",
              "version": "Below 54.0.2669.49432"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass a restriction or similar",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T21:31:10",
        "orgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
        "shortName": "Opera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@opera.com",
          "ID": "CVE-2019-19788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opera for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Below 54.0.2669.49432"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Opera Software AS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass a restriction or similar"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/",
              "refsource": "MISC",
              "url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9aee7086-24f5-48b4-9428-908ac90b8b54",
    "assignerShortName": "Opera",
    "cveId": "CVE-2019-19788",
    "datePublished": "2019-12-18T21:31:10",
    "dateReserved": "2019-12-13T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7152 (GCVE-0-2016-7152)

Vulnerability from nvd – Published: 2016-09-06 10:00 – Updated: 2024-08-06 01:50
Summary
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036741",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036741"
          },
          {
            "name": "1036742",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036742"
          },
          {
            "name": "92769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92769"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
          },
          {
            "name": "1036745",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036745"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
          },
          {
            "name": "1036744",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036744"
          },
          {
            "name": "1036743",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036743"
          },
          {
            "name": "1036746",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036746"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036741",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036741"
        },
        {
          "name": "1036742",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036742"
        },
        {
          "name": "92769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92769"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
        },
        {
          "name": "1036745",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036745"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
        },
        {
          "name": "1036744",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036744"
        },
        {
          "name": "1036743",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036743"
        },
        {
          "name": "1036746",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036746"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036741",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036741"
            },
            {
              "name": "1036742",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036742"
            },
            {
              "name": "92769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92769"
            },
            {
              "name": "https://tom.vg/papers/heist_blackhat2016.pdf",
              "refsource": "MISC",
              "url": "https://tom.vg/papers/heist_blackhat2016.pdf"
            },
            {
              "name": "1036745",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036745"
            },
            {
              "name": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/",
              "refsource": "MISC",
              "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
            },
            {
              "name": "1036744",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036744"
            },
            {
              "name": "1036743",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036743"
            },
            {
              "name": "1036746",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036746"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7152",
    "datePublished": "2016-09-06T10:00:00",
    "dateReserved": "2016-09-06T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-5227 (GCVE-0-2010-5227)

Vulnerability from nvd – Published: 2012-09-07 10:00 – Updated: 2024-09-17 02:27
Summary
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/41083 third-party-advisory, x_refsource_SECUNIA
http://www.opera.com/docs/changelogs/windows/1062/ x_refsource_CONFIRM
http://www.opera.com/support/kb/view/970/ x_refsource_CONFIRM
http://www.exploit-db.com/exploits/14732 exploit, x_refsource_EXPLOIT-DB

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:09.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "41083",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41083"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/windows/1062/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/kb/view/970/"
          },
          {
            "name": "14732",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14732"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-07T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "41083",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41083"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/windows/1062/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/kb/view/970/"
        },
        {
          "name": "14732",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14732"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-5227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41083",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41083"
            },
            {
              "name": "http://www.opera.com/docs/changelogs/windows/1062/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/docs/changelogs/windows/1062/"
            },
            {
              "name": "http://www.opera.com/support/kb/view/970/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/support/kb/view/970/"
            },
            {
              "name": "14732",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14732"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-5227",
    "datePublished": "2012-09-07T10:00:00Z",
    "dateReserved": "2012-09-07T00:00:00Z",
    "dateUpdated": "2024-09-17T02:27:53.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2068 (GCVE-0-2009-2068)

Vulnerability from nvd – Published: 2009-06-15 19:00 – Updated: 2024-08-07 05:36
Summary
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:36:20.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
          },
          {
            "name": "googlechrome-https-security-bypass(51192)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
        },
        {
          "name": "googlechrome-https-security-bypass(51192)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
              "refsource": "MISC",
              "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
            },
            {
              "name": "googlechrome-https-security-bypass(51192)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
            },
            {
              "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
              "refsource": "MISC",
              "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2068",
    "datePublished": "2009-06-15T19:00:00",
    "dateReserved": "2009-06-15T00:00:00",
    "dateUpdated": "2024-08-07T05:36:20.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5679 (GCVE-0-2008-5679)

Vulnerability from nvd – Published: 2008-12-19 16:09 – Updated: 2024-08-07 11:04
Summary
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/499315/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://www.opera.com/docs/changelogs/linux/963/ x_refsource_CONFIRM
http://securityreason.com/securityalert/4791 third-party-advisory x_refsource_SREASON
http://www.securitytracker.com/id?1021460 vdb-entry x_refsource_SECTRACK
http://www.opera.com/support/kb/view/921/ x_refsource_CONFIRM
http://secunia.com/advisories/34294 third-party-advisory x_refsource_SECUNIA
http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php x_refsource_MISC
http://security.gentoo.org/glsa/glsa-200903-30.xml vendor-advisory x_refsource_GENTOO

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/linux/963/"
          },
          {
            "name": "4791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4791"
          },
          {
            "name": "1021460",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/kb/view/921/"
          },
          {
            "name": "34294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
          },
          {
            "name": "GLSA-200903-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/linux/963/"
        },
        {
          "name": "4791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4791"
        },
        {
          "name": "1021460",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/kb/view/921/"
        },
        {
          "name": "34294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
        },
        {
          "name": "GLSA-200903-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
            },
            {
              "name": "http://www.opera.com/docs/changelogs/linux/963/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/docs/changelogs/linux/963/"
            },
            {
              "name": "4791",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4791"
            },
            {
              "name": "1021460",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021460"
            },
            {
              "name": "http://www.opera.com/support/kb/view/921/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/support/kb/view/921/"
            },
            {
              "name": "34294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34294"
            },
            {
              "name": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php",
              "refsource": "MISC",
              "url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
            },
            {
              "name": "GLSA-200903-30",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5679",
    "datePublished": "2008-12-19T16:09:00",
    "dateReserved": "2008-12-19T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5428 (GCVE-0-2008-5428)

Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:45.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
          },
          {
            "name": "4721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4721"
          },
          {
            "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
          },
          {
            "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
        },
        {
          "name": "4721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4721"
        },
        {
          "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
        },
        {
          "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5428",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
              "refsource": "MISC",
              "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
            },
            {
              "name": "4721",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4721"
            },
            {
              "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
            },
            {
              "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5428",
    "datePublished": "2008-12-11T15:00:00",
    "dateReserved": "2008-12-11T00:00:00",
    "dateUpdated": "2024-08-07T10:56:45.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5178 (GCVE-0-2008-5178)

Vulnerability from nvd – Published: 2008-11-20 15:00 – Updated: 2024-08-07 10:40
Summary
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/32323 vdb-entry x_refsource_BID
http://www.vupen.com/english/advisories/2008/3183 vdb-entry x_refsource_VUPEN
http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html mailing-list x_refsource_BUGTRAQ
http://secunia.com/advisories/32752 third-party-advisory x_refsource_SECUNIA
https://www.exploit-db.com/exploits/7135 exploit x_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/46653 vdb-entry x_refsource_XF
http://secunia.com/advisories/34294 third-party-advisory x_refsource_SECUNIA
http://osvdb.org/49882 vdb-entry x_refsource_OSVDB
http://security.gentoo.org/glsa/glsa-200903-30.xml vendor-advisory x_refsource_GENTOO
http://www.opera.com/support/kb/view/922/ x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:17.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32323"
          },
          {
            "name": "ADV-2008-3183",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3183"
          },
          {
            "name": "20081117 Opera 9.6x file:// overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
          },
          {
            "name": "32752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32752"
          },
          {
            "name": "7135",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7135"
          },
          {
            "name": "opera-filehandler-bo(46653)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
          },
          {
            "name": "34294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34294"
          },
          {
            "name": "49882",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/49882"
          },
          {
            "name": "GLSA-200903-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/kb/view/922/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.  NOTE: this might overlap CVE-2008-5680."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32323"
        },
        {
          "name": "ADV-2008-3183",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3183"
        },
        {
          "name": "20081117 Opera 9.6x file:// overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
        },
        {
          "name": "32752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32752"
        },
        {
          "name": "7135",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7135"
        },
        {
          "name": "opera-filehandler-bo(46653)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
        },
        {
          "name": "34294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34294"
        },
        {
          "name": "49882",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/49882"
        },
        {
          "name": "GLSA-200903-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/kb/view/922/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.  NOTE: this might overlap CVE-2008-5680."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32323",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32323"
            },
            {
              "name": "ADV-2008-3183",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3183"
            },
            {
              "name": "20081117 Opera 9.6x file:// overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html"
            },
            {
              "name": "32752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32752"
            },
            {
              "name": "7135",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7135"
            },
            {
              "name": "opera-filehandler-bo(46653)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46653"
            },
            {
              "name": "34294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34294"
            },
            {
              "name": "49882",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/49882"
            },
            {
              "name": "GLSA-200903-30",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
            },
            {
              "name": "http://www.opera.com/support/kb/view/922/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/support/kb/view/922/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5178",
    "datePublished": "2008-11-20T15:00:00",
    "dateReserved": "2008-11-20T00:00:00",
    "dateUpdated": "2024-08-07T10:40:17.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}