8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.2%
Severity: High
Date : 2021-10-29
CVE-ID : CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980
Package : opera
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2444
The package opera before version 80.0.4170.63-1 is vulnerable to
multiple issues including arbitrary code execution and sandbox escape.
Upgrade to 80.0.4170.63-1.
The problems have been fixed upstream in version 80.0.4170.63.
None.
A use after free security issue has been found in the Garbage
Collection component of the Chromium browser engine before version
94.0.4606.81.
A heap buffer overflow security issue has been found in the Blink
component of the Chromium browser engine before version 94.0.4606.81.
A heap buffer overflow security issue has been found in the WebRTC
component of the Chromium browser engine before version 94.0.4606.81.
An inappropriate implementation security issue has been found in the
Sandbox component of the Chromium browser engine before version
94.0.4606.81.
A remote attacker could execute arbitrary code or disclose sensitive
information through crafted web content.
https://blogs.opera.com/desktop/changelog-for-80/
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
https://crbug.com/1252878
https://crbug.com/1236318
https://crbug.com/1247260
https://crbug.com/1254631
https://security.archlinux.org/CVE-2021-37977
https://security.archlinux.org/CVE-2021-37978
https://security.archlinux.org/CVE-2021-37979
https://security.archlinux.org/CVE-2021-37980
blogs.opera.com/desktop/changelog-for-80/
chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
crbug.com/1236318
crbug.com/1247260
crbug.com/1252878
crbug.com/1254631
security.archlinux.org/AVG-2444
security.archlinux.org/CVE-2021-37977
security.archlinux.org/CVE-2021-37978
security.archlinux.org/CVE-2021-37979
security.archlinux.org/CVE-2021-37980
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.2%