ID CVE-2011-2614 Type cve Reporter cve@mitre.org Modified 2011-07-11T04:00:00
Description
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.
{"openvas": [{"lastseen": "2017-09-04T14:20:13", "bulletinFamily": "scanner", "description": "The host is installed with Opera browser and is prone to multiple\n vulnerabilities.", "modified": "2017-08-31T00:00:00", "published": "2011-07-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802107", "id": "OPENVAS:802107", "title": "Opera Browser Multiple Vulnerabilities Jul-11 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_mult_vuln_win_jul11.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Opera Browser Multiple Vulnerabilities July-11 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary code\n and cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"Opera Web Browser Version prior 11.50\";\ntag_insight = \"For information about vulnerability refer the references.\";\ntag_solution = \"Upgrade to Opera Web Browser Version 11.50 or later,\n For updates refer to http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera browser and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802107);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-05 13:15:06 +0200 (Tue, 05 Jul 2011)\");\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\",\n \"CVE-2011-2611\", \"CVE-2011-2612\", \"CVE-2011-2613\",\n \"CVE-2011-2614\", \"CVE-2011-2615\", \"CVE-2011-2616\",\n \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\",\n \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\",\n \"CVE-2011-2623\", \"CVE-2011-2624\", \"CVE-2011-2625\",\n \"CVE-2011-2626\", \"CVE-2011-2627\");\n script_bugtraq_id(48501, 48500);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Opera Browser Multiple Vulnerabilities Jul-11 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45060\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/68323\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/windows/1150/\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_win_900036.nasl\");\n script_require_keys(\"Opera/Win/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get Opera Version from KB\noperaVer = get_kb_item(\"Opera/Win/Version\");\n\nif(operaVer)\n{\n ## Grep for Opera Versions prior to 11.50\n if(version_is_less(version:operaVer, test_version:\"11.50\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:43", "bulletinFamily": "scanner", "description": "The host is installed with Opera browser and is prone to multiple\n vulnerabilities.", "modified": "2017-04-24T00:00:00", "published": "2012-04-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802739", "id": "OPENVAS:802739", "title": "Opera Browser Multiple Vulnerabilities July-11 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_mult_vuln_lin_jul11.nasl 6018 2017-04-24 09:02:24Z teissa $\n#\n# Opera Browser Multiple Vulnerabilities July-11 (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary code\n and cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"Opera Web Browser version prior 11.50 on Linux\";\ntag_insight = \"For information about vulnerability refer the references.\";\ntag_solution = \"Upgrade to Opera Web Browser version 11.50 or later,\n For updates refer to http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera browser and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802739);\n script_version(\"$Revision: 6018 $\");\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\",\n \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\",\n \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\",\n \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\",\n \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\");\n script_bugtraq_id(48501, 48500, 48556);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-10 11:44:51 +0530 (Tue, 10 Apr 2012)\");\n script_name(\"Opera Browser Multiple Vulnerabilities July-11 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45060\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/68323\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/unix/1150/\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_require_keys(\"Opera/Linux/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\noperaVer = \"\";\n\n## Get Opera Version from KB\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\n## Grep for Opera Versions prior to 11.50\nif(version_is_less(version:operaVer, test_version:\"11.50\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "scanner", "description": "The host is installed with Opera browser and is prone to multiple\n vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-04-19T00:00:00", "id": "OPENVAS:1361412562310802753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802753", "title": "Opera Browser Multiple Vulnerabilities July-11 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_mult_vuln_macosx_july11.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Opera Browser Multiple Vulnerabilities July-11 (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802753\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\",\n \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\",\n \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\",\n \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\",\n \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\");\n script_bugtraq_id(48501, 48500, 48556);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-19 10:01:43 +0530 (Thu, 19 Apr 2012)\");\n script_name(\"Opera Browser Multiple Vulnerabilities July-11 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45060\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/68323\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/mac/1150/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_macosx.nasl\");\n script_mandatory_keys(\"Opera/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n and cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Opera Web Browser version prior 11.50 on Mac OS X\");\n script_tag(name:\"insight\", value:\"For information about vulnerability refer the references.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera Web Browser version 11.50 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera browser and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/MacOSX/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"11.50\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:40", "bulletinFamily": "scanner", "description": "The host is installed with Opera browser and is prone to multiple\n vulnerabilities.", "modified": "2017-04-14T00:00:00", "published": "2012-04-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802753", "id": "OPENVAS:802753", "title": "Opera Browser Multiple Vulnerabilities July-11 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_mult_vuln_macosx_july11.nasl 5956 2017-04-14 09:02:12Z teissa $\n#\n# Opera Browser Multiple Vulnerabilities July-11 (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary code\n and cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"Opera Web Browser version prior 11.50 on Mac OS X\";\ntag_insight = \"For information about vulnerability refer the references.\";\ntag_solution = \"Upgrade to Opera Web Browser version 11.50 or later,\n For updates refer to http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera browser and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802753);\n script_version(\"$Revision: 5956 $\");\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\",\n \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\",\n \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\",\n \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\",\n \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\");\n script_bugtraq_id(48501, 48500, 48556);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-19 10:01:43 +0530 (Thu, 19 Apr 2012)\");\n script_name(\"Opera Browser Multiple Vulnerabilities July-11 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45060\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/68323\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/mac/1150/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_macosx.nasl\");\n script_require_keys(\"Opera/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\noperaVer = \"\";\n\n## Get Opera Version from KB\noperaVer = get_kb_item(\"Opera/MacOSX/Version\");\nif(!operaVer){\n exit(0);\n}\n\n## Grep for Opera Versions prior to 11.50\nif(version_is_less(version:operaVer, test_version:\"11.50\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:40", "bulletinFamily": "scanner", "description": "The host is installed with Opera browser and is prone to multiple\n vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2011-07-05T00:00:00", "id": "OPENVAS:1361412562310802107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802107", "title": "Opera Browser Multiple Vulnerabilities Jul-11 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera Browser Multiple Vulnerabilities July-11 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802107\");\n script_version(\"2019-05-03T13:51:56+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 13:51:56 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-07-05 13:15:06 +0200 (Tue, 05 Jul 2011)\");\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\",\n \"CVE-2011-2611\", \"CVE-2011-2612\", \"CVE-2011-2613\",\n \"CVE-2011-2614\", \"CVE-2011-2615\", \"CVE-2011-2616\",\n \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\",\n \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\",\n \"CVE-2011-2623\", \"CVE-2011-2624\", \"CVE-2011-2625\",\n \"CVE-2011-2626\", \"CVE-2011-2627\");\n script_bugtraq_id(48501, 48500);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Opera Browser Multiple Vulnerabilities Jul-11 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45060\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/68323\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/windows/1150/\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_portable_win.nasl\");\n script_mandatory_keys(\"Opera/Win/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n and cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Opera Web Browser Version prior 11.50\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Opera Web Browser Version 11.50 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera browser and is prone to multiple\n vulnerabilities.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\n\nif(operaVer)\n{\n if(version_is_less(version:operaVer, test_version:\"11.50\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "description": "The host is installed with Opera browser and is prone to multiple\n vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-04-10T00:00:00", "id": "OPENVAS:1361412562310802739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802739", "title": "Opera Browser Multiple Vulnerabilities July-11 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_mult_vuln_lin_jul11.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Opera Browser Multiple Vulnerabilities July-11 (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802739\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\",\n \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\",\n \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\",\n \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\",\n \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\");\n script_bugtraq_id(48501, 48500, 48556);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-10 11:44:51 +0530 (Tue, 10 Apr 2012)\");\n script_name(\"Opera Browser Multiple Vulnerabilities July-11 (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45060\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/68323\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/unix/1150/\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_mandatory_keys(\"Opera/Linux/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n and cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Opera Web Browser version prior 11.50 on Linux\");\n script_tag(name:\"insight\", value:\"For information about vulnerability refer the references.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera Web Browser version 11.50 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera browser and is prone to multiple\n vulnerabilities.\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"11.50\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:36", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-03.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71547", "id": "OPENVAS:71547", "title": "Gentoo Security Advisory GLSA 201206-03 (Opera)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in Opera, the worst of\n which allow for the execution of arbitrary code.\";\ntag_solution = \"All Opera users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-12.00.1467'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=264831\nhttp://bugs.gentoo.org/show_bug.cgi?id=283391\nhttp://bugs.gentoo.org/show_bug.cgi?id=290862\nhttp://bugs.gentoo.org/show_bug.cgi?id=293902\nhttp://bugs.gentoo.org/show_bug.cgi?id=294208\nhttp://bugs.gentoo.org/show_bug.cgi?id=294680\nhttp://bugs.gentoo.org/show_bug.cgi?id=308069\nhttp://bugs.gentoo.org/show_bug.cgi?id=324189\nhttp://bugs.gentoo.org/show_bug.cgi?id=325199\nhttp://bugs.gentoo.org/show_bug.cgi?id=326413\nhttp://bugs.gentoo.org/show_bug.cgi?id=332449\nhttp://bugs.gentoo.org/show_bug.cgi?id=348874\nhttp://bugs.gentoo.org/show_bug.cgi?id=352750\nhttp://bugs.gentoo.org/show_bug.cgi?id=367837\nhttp://bugs.gentoo.org/show_bug.cgi?id=373289\nhttp://bugs.gentoo.org/show_bug.cgi?id=381275\nhttp://bugs.gentoo.org/show_bug.cgi?id=386217\nhttp://bugs.gentoo.org/show_bug.cgi?id=387137\nhttp://bugs.gentoo.org/show_bug.cgi?id=393395\nhttp://bugs.gentoo.org/show_bug.cgi?id=409857\nhttp://bugs.gentoo.org/show_bug.cgi?id=415379\nhttp://bugs.gentoo.org/show_bug.cgi?id=421075\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-03.\";\n\n \n \nif(description)\n{\n script_id(71547);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1234\", \"CVE-2009-2059\", \"CVE-2009-2063\", \"CVE-2009-2067\", \"CVE-2009-2070\", \"CVE-2009-3013\", \"CVE-2009-3044\", \"CVE-2009-3045\", \"CVE-2009-3046\", \"CVE-2009-3047\", \"CVE-2009-3048\", \"CVE-2009-3049\", \"CVE-2009-3831\", \"CVE-2009-4071\", \"CVE-2009-4072\", \"CVE-2010-0653\", \"CVE-2010-1349\", \"CVE-2010-1989\", \"CVE-2010-1993\", \"CVE-2010-2121\", \"CVE-2010-2421\", \"CVE-2010-2455\", \"CVE-2010-2576\", \"CVE-2010-2658\", \"CVE-2010-2659\", \"CVE-2010-2660\", \"CVE-2010-2661\", \"CVE-2010-2662\", \"CVE-2010-2663\", \"CVE-2010-2664\", \"CVE-2010-2665\", \"CVE-2010-3019\", \"CVE-2010-3020\", \"CVE-2010-3021\", \"CVE-2010-4579\", \"CVE-2010-4580\", \"CVE-2010-4581\", \"CVE-2010-4582\", \"CVE-2010-4583\", \"CVE-2010-4584\", \"CVE-2010-4585\", \"CVE-2010-4586\", \"CVE-2011-0681\", \"CVE-2011-0682\", \"CVE-2011-0683\", \"CVE-2011-0684\", \"CVE-2011-0685\", \"CVE-2011-0686\", \"CVE-2011-0687\", \"CVE-2011-1337\", \"CVE-2011-1824\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\", \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\", \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\", \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\", \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\", \"CVE-2011-2628\", \"CVE-2011-2629\", \"CVE-2011-2630\", \"CVE-2011-2631\", \"CVE-2011-2632\", \"CVE-2011-2633\", \"CVE-2011-2634\", \"CVE-2011-2635\", \"CVE-2011-2636\", \"CVE-2011-2637\", \"CVE-2011-2638\", \"CVE-2011-2639\", \"CVE-2011-2640\", \"CVE-2011-2641\", \"CVE-2011-3388\", \"CVE-2011-4065\", \"CVE-2011-4681\", \"CVE-2011-4682\", \"CVE-2011-4683\", \"CVE-2012-1924\", \"CVE-2012-1925\", \"CVE-2012-1926\", \"CVE-2012-1927\", \"CVE-2012-1928\", \"CVE-2012-1930\", \"CVE-2012-1931\", \"CVE-2012-3555\", \"CVE-2012-3556\", \"CVE-2012-3557\", \"CVE-2012-3558\", \"CVE-2012-3560\", \"CVE-2012-3561\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-03 (Opera)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-client/opera\", unaffected: make_list(\"ge 12.00.1467\"), vulnerable: make_list(\"lt 12.00.1467\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:57", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-03.", "modified": "2018-10-12T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071547", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071547", "title": "Gentoo Security Advisory GLSA 201206-03 (Opera)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_03.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71547\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1234\", \"CVE-2009-2059\", \"CVE-2009-2063\", \"CVE-2009-2067\", \"CVE-2009-2070\", \"CVE-2009-3013\", \"CVE-2009-3044\", \"CVE-2009-3045\", \"CVE-2009-3046\", \"CVE-2009-3047\", \"CVE-2009-3048\", \"CVE-2009-3049\", \"CVE-2009-3831\", \"CVE-2009-4071\", \"CVE-2009-4072\", \"CVE-2010-0653\", \"CVE-2010-1349\", \"CVE-2010-1989\", \"CVE-2010-1993\", \"CVE-2010-2121\", \"CVE-2010-2421\", \"CVE-2010-2455\", \"CVE-2010-2576\", \"CVE-2010-2658\", \"CVE-2010-2659\", \"CVE-2010-2660\", \"CVE-2010-2661\", \"CVE-2010-2662\", \"CVE-2010-2663\", \"CVE-2010-2664\", \"CVE-2010-2665\", \"CVE-2010-3019\", \"CVE-2010-3020\", \"CVE-2010-3021\", \"CVE-2010-4579\", \"CVE-2010-4580\", \"CVE-2010-4581\", \"CVE-2010-4582\", \"CVE-2010-4583\", \"CVE-2010-4584\", \"CVE-2010-4585\", \"CVE-2010-4586\", \"CVE-2011-0681\", \"CVE-2011-0682\", \"CVE-2011-0683\", \"CVE-2011-0684\", \"CVE-2011-0685\", \"CVE-2011-0686\", \"CVE-2011-0687\", \"CVE-2011-1337\", \"CVE-2011-1824\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\", \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\", \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\", \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\", \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\", \"CVE-2011-2628\", \"CVE-2011-2629\", \"CVE-2011-2630\", \"CVE-2011-2631\", \"CVE-2011-2632\", \"CVE-2011-2633\", \"CVE-2011-2634\", \"CVE-2011-2635\", \"CVE-2011-2636\", \"CVE-2011-2637\", \"CVE-2011-2638\", \"CVE-2011-2639\", \"CVE-2011-2640\", \"CVE-2011-2641\", \"CVE-2011-3388\", \"CVE-2011-4065\", \"CVE-2011-4681\", \"CVE-2011-4682\", \"CVE-2011-4683\", \"CVE-2012-1924\", \"CVE-2012-1925\", \"CVE-2012-1926\", \"CVE-2012-1927\", \"CVE-2012-1928\", \"CVE-2012-1930\", \"CVE-2012-1931\", \"CVE-2012-3555\", \"CVE-2012-3556\", \"CVE-2012-3557\", \"CVE-2012-3558\", \"CVE-2012-3560\", \"CVE-2012-3561\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-03 (Opera)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in Opera, the worst of\n which allow for the execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All Opera users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-12.00.1467'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-03\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=264831\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=283391\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=290862\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=293902\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=294208\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=294680\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=308069\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=324189\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=325199\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=326413\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=332449\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=348874\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=352750\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=367837\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373289\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=381275\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386217\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=387137\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=393395\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=409857\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=415379\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=421075\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-03.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-client/opera\", unaffected: make_list(\"ge 12.00.1467\"), vulnerable: make_list(\"lt 12.00.1467\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:02:06", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 48556\r\nCVE ID: CVE-2011-2611,CVE-2011-2612,CVE-2011-2613,CVE-2011-2614,CVE-2011-2615,CVE-2011-2616,CVE-2011-2617,CVE-2011-2618,CVE-2011-2619,CVE-2011-2620,CVE-2011-2621,CVE-2011-2622,CVE-2011-2623,CVE-2011-2624,CVE-2011-2625,CVE-2011-2626,CVE-2011-2627\r\n\r\nOpera\u4e3a\u6765\u81ea\u632a\u5a01\u7684\u4e00\u4e2a\u6781\u4e3a\u51fa\u8272\u7684\u6d4f\u89c8\u5668\uff0c\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8282\u7701\u7cfb\u7edf\u8d44\u6e90\u3001\u8ba2\u5236\u80fd\u529b\u5f3a\u3001\u5b89\u5168\u6027\u9ad8\u4ee5\u53ca\u4f53\u79ef\u5c0f\u7b49\u7279\u70b9\uff0c\u76ee\u524d\u5df2\u7ecf\u662f\u6700\u53d7\u6b22\u8fce\u7684\u6d4f\u89c8\u5668\u4e4b\u4e00\u3002\r\n\r\nOpera\u6d4f\u89c8\u5668\u5728\u5b9e\u73b0\u4e0a\u65f6\u5b58\u5728\u591a\u4e2a\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u4f7f\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u62d2\u7edd\u670d\u52a1\u5408\u6cd5\u7528\u6237\u3002\n\nOpera Software Opera Web Browser 9.x\r\nOpera Software Opera Web Browser 11.x\r\nOpera Software Opera Web Browser 10.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOpera Software\r\n--------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.opera.com/support/", "modified": "2011-07-07T00:00:00", "published": "2011-07-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20703", "id": "SSV:20703", "title": "Opera Web\u6d4f\u89c8\u5668\u591a\u4e2a\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2019-02-21T01:21:53", "bulletinFamily": "scanner", "description": "opera 11.50 fixes several security vulnerabilities.\n\nThe full changelog is available at http://www.opera.com/docs/changelogs/unix/1150/", "modified": "2018-12-18T00:00:00", "id": "SUSE_11_4_OPERA-110707.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75983", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : opera (openSUSE-SU-2011:0790-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-4853.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75983);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/18 10:18:59\");\n\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\", \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\", \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\", \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\", \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-SU-2011:0790-1)\");\n script_summary(english:\"Check for the opera-4853 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"opera 11.50 fixes several security vulnerabilities.\n\nThe full changelog is available at\nhttp://www.opera.com/docs/changelogs/unix/1150/\"\n );\n # http://www.opera.com/docs/changelogs/unix/1150/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://help.opera.com/en/latest/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-07/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opera packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"opera-11.50-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"opera-gtk-11.50-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"opera-kde4-11.50-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera / opera-gtk / opera-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:08", "bulletinFamily": "scanner", "description": "The version of Opera installed on the remote Windows host is earlier than 11.50 and thus potentially affected by multiple vulnerabilities:\n\n - An error exists in the handling of data URIs that allows cross-site scripting in some unspecified cases. (Issue #995)\n\n - An error exists in the browser's handling of error pages. Opera generates error pages in response to an invalid URL. If enough invalid URLs are attempted, the host's disk space is eventually filled, the browser crashes and the error files are left behind. (Issue #996)\n\n - An additional, moderately severe and unspecified error exists. Details regarding this error are to be released in the future. (CVE-2011-2610)\n\n - Several unspecified errors exist that can cause application crashes. Affected items or functionaility are: printing, unspecified web content, JavaScript Array.prototype.join method, drawing paths with many characters, selecting text nodes, iframes, closed or removed pop-up windows, moving audio or video elements between windows, canvas elements, SVG items, CSS files, form layouts, web workers, SVG BiDi, large tables and print preview, select elements with many items, and the src attribute of the iframe element.\n (CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627)", "modified": "2018-11-15T00:00:00", "id": "OPERA_1150.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55470", "published": "2011-06-30T00:00:00", "title": "Opera < 11.50 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55470);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-1337\", \n \"CVE-2011-2609\", \n \"CVE-2011-2610\",\n \"CVE-2011-2611\",\n \"CVE-2011-2612\",\n \"CVE-2011-2613\",\n \"CVE-2011-2614\",\n \"CVE-2011-2615\",\n \"CVE-2011-2616\",\n \"CVE-2011-2617\",\n \"CVE-2011-2618\",\n \"CVE-2011-2619\",\n \"CVE-2011-2620\",\n \"CVE-2011-2621\",\n \"CVE-2011-2622\",\n \"CVE-2011-2623\",\n \"CVE-2011-2624\",\n \"CVE-2011-2625\",\n \"CVE-2011-2626\",\n \"CVE-2011-2627\" \n );\n script_bugtraq_id(48500, 48501, 48556, 48568);\n script_xref(name:\"Secunia\", value:\"45060\");\n\n script_name(english:\"Opera < 11.50 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote Windows host is earlier\nthan 11.50 and thus potentially affected by multiple vulnerabilities:\n\n - An error exists in the handling of data URIs that\n allows cross-site scripting in some unspecified cases. \n (Issue #995)\n\n - An error exists in the browser's handling of error \n pages. Opera generates error pages in response to an\n invalid URL. If enough invalid URLs are attempted, the\n host's disk space is eventually filled, the browser\n crashes and the error files are left behind. \n (Issue #996)\n\n - An additional, moderately severe and unspecified error\n exists. Details regarding this error are to be released\n in the future. (CVE-2011-2610)\n\n - Several unspecified errors exist that can cause \n application crashes. Affected items or functionaility\n are: printing, unspecified web content, JavaScript\n Array.prototype.join method, drawing paths with many\n characters, selecting text nodes, iframes, \n closed or removed pop-up windows, moving audio or\n video elements between windows, canvas elements, SVG\n items, CSS files, form layouts, web workers, SVG BiDi,\n large tables and print preview, select elements with\n many items, and the src attribute of the iframe element.\n (CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, \n CVE-2011-2614, CVE-2011-2615, CVE-2011-2616,\n CVE-2011-2617, CVE-2011-2618, CVE-2011-2619,\n CVE-2011-2620, CVE-2011-2621, CVE-2011-2622,\n CVE-2011-2623, CVE-2011-2624, CVE-2011-2625,\n CVE-2011-2626, CVE-2011-2627)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130223103501/http://www.opera.com/support/kb/view/995/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130223103505/http://www.opera.com/support/kb/view/996/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170912120426/http://www.opera.com/docs/changelogs/windows/1150/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Opera 11.50 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/30\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui; \n\nfixed_version = \"11.50.1074.0\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"11.50\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse\n fixed_version_report = \"11.50\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n if (report_verbosity > 0)\n {\n install_path = get_kb_item(\"SMB/Opera/Path\");\n\n report = \n '\\n Path : ' + install_path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(port:get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The host is not affected since Opera \"+version_report+\" is installed.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:47", "bulletinFamily": "scanner", "description": "opera 11.50 has been released, fixing numerous vulnerabilities.\n\nThe full changelog is available at http://www.opera.com/docs/changelogs/unix/1150/", "modified": "2018-12-18T00:00:00", "id": "SUSE_11_3_OPERA-110711.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75696", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : opera (openSUSE-SU-2011:0790-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-4860.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75696);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/18 10:18:59\");\n\n script_cve_id(\"CVE-2011-1337\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\", \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\", \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\", \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\", \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-SU-2011:0790-1)\");\n script_summary(english:\"Check for the opera-4860 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"opera 11.50 has been released, fixing numerous vulnerabilities.\n\nThe full changelog is available at\nhttp://www.opera.com/docs/changelogs/unix/1150/\"\n );\n # http://www.opera.com/docs/changelogs/unix/1150/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://help.opera.com/en/latest/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-07/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opera packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"opera-11.50-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"opera-gtk-11.50-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"opera-kde4-11.50-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:51", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact.\n A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information.\n A physically proximate attacker may be able to access an email account.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-06-29T00:00:00", "id": "GENTOO_GLSA-201206-03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59631", "published": "2012-06-21T00:00:00", "title": "GLSA-201206-03 : Opera: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-03.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59631);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/06/29 12:01:00\");\n\n script_cve_id(\"CVE-2009-1234\", \"CVE-2009-2059\", \"CVE-2009-2063\", \"CVE-2009-2067\", \"CVE-2009-2070\", \"CVE-2009-3013\", \"CVE-2009-3044\", \"CVE-2009-3045\", \"CVE-2009-3046\", \"CVE-2009-3047\", \"CVE-2009-3048\", \"CVE-2009-3049\", \"CVE-2009-3831\", \"CVE-2009-4071\", \"CVE-2009-4072\", \"CVE-2010-0653\", \"CVE-2010-1349\", \"CVE-2010-1989\", \"CVE-2010-1993\", \"CVE-2010-2121\", \"CVE-2010-2421\", \"CVE-2010-2455\", \"CVE-2010-2576\", \"CVE-2010-2658\", \"CVE-2010-2659\", \"CVE-2010-2660\", \"CVE-2010-2661\", \"CVE-2010-2662\", \"CVE-2010-2663\", \"CVE-2010-2664\", \"CVE-2010-2665\", \"CVE-2010-3019\", \"CVE-2010-3020\", \"CVE-2010-3021\", \"CVE-2010-4579\", \"CVE-2010-4580\", \"CVE-2010-4581\", \"CVE-2010-4582\", \"CVE-2010-4583\", \"CVE-2010-4584\", \"CVE-2010-4585\", \"CVE-2010-4586\", \"CVE-2011-0681\", \"CVE-2011-0682\", \"CVE-2011-0683\", \"CVE-2011-0684\", \"CVE-2011-0685\", \"CVE-2011-0686\", \"CVE-2011-0687\", \"CVE-2011-1337\", \"CVE-2011-1824\", \"CVE-2011-2609\", \"CVE-2011-2610\", \"CVE-2011-2611\", \"CVE-2011-2612\", \"CVE-2011-2613\", \"CVE-2011-2614\", \"CVE-2011-2615\", \"CVE-2011-2616\", \"CVE-2011-2617\", \"CVE-2011-2618\", \"CVE-2011-2619\", \"CVE-2011-2620\", \"CVE-2011-2621\", \"CVE-2011-2622\", \"CVE-2011-2623\", \"CVE-2011-2624\", \"CVE-2011-2625\", \"CVE-2011-2626\", \"CVE-2011-2627\", \"CVE-2011-2628\", \"CVE-2011-2629\", \"CVE-2011-2630\", \"CVE-2011-2631\", \"CVE-2011-2632\", \"CVE-2011-2633\", \"CVE-2011-2634\", \"CVE-2011-2635\", \"CVE-2011-2636\", \"CVE-2011-2637\", \"CVE-2011-2638\", \"CVE-2011-2639\", \"CVE-2011-2640\", \"CVE-2011-2641\", \"CVE-2011-3388\", \"CVE-2011-4065\", \"CVE-2011-4681\", \"CVE-2011-4682\", \"CVE-2011-4683\", \"CVE-2012-1924\", \"CVE-2012-1925\", \"CVE-2012-1926\", \"CVE-2012-1927\", \"CVE-2012-1928\", \"CVE-2012-1930\", \"CVE-2012-1931\", \"CVE-2012-3555\", \"CVE-2012-3556\", \"CVE-2012-3557\", \"CVE-2012-3558\", \"CVE-2012-3560\", \"CVE-2012-3561\");\n script_xref(name:\"GLSA\", value:\"201206-03\");\n\n script_name(english:\"GLSA-201206-03 : Opera: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-03\n(Opera: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Opera. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted web\n page, possibly resulting in execution of arbitrary code with the\n privileges of the process or a Denial of Service condition. A remote\n attacker may be able to: trick users into downloading and executing\n arbitrary files, bypass intended access restrictions, spoof trusted\n content, spoof URLs, bypass the Same Origin Policy, obtain sensitive\n information, force subscriptions to arbitrary feeds, bypass the popup\n blocker, bypass CSS filtering, conduct cross-site scripting attacks, or\n have other unknown impact.\n A local attacker could perform symlink attacks to overwrite arbitrary\n files with the privileges of the user running the application or possibly\n obtain sensitive information.\n A physically proximate attacker may be able to access an email account.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Opera users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-12.00.1467'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 79, 94, 264, 287, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/opera\", unaffected:make_list(\"ge 12.00.1467\"), vulnerable:make_list(\"lt 12.00.1467\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Opera\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nOpera is a fast web browser that is available free of charge.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. \n\nA local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. \n\nA physically proximate attacker may be able to access an email account. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Opera users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/opera-12.00.1467\"", "modified": "2012-06-15T00:00:00", "published": "2012-06-15T00:00:00", "id": "GLSA-201206-03", "href": "https://security.gentoo.org/glsa/201206-03", "type": "gentoo", "title": "Opera: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
