ID OPENVAS:803144 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2017-05-10T00:00:00
Description
The host is installed with Opera and is prone to multiple
vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_opera_mult_vuln03_jan13_win.nasl 6093 2017-05-10 09:03:18Z teissa $
#
# Opera Multiple Vulnerabilities-03 Jan13 (Windows)
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will let the attacker crash the browser leading to
denial of service, execute the arbitrary code or disclose the information.
Impact Level: System/Application";
tag_affected = "Opera version before 12.10 on Windows";
tag_insight = "- Internet shortcuts used for phishing in '<img>' elements.
- Specially crafted WebP images can be used to disclose random chunks
of memory.
- Specially crafted SVG images can allow execution of arbitrary code.
- Cross domain access to object constructors can be used to facilitate
cross-site scripting.
- Data URIs can be used to facilitate Cross-Site Scripting.
- CORS requests can incorrectly retrieve contents of cross origin pages.
- Certificate revocation service failure may cause Opera to show an
unverified site as secur.";
tag_solution = "Upgrade to Opera version 12.10 or later,
For updates refer to http://www.opera.com/";
tag_summary = "The host is installed with Opera and is prone to multiple
vulnerabilities.";
if(description)
{
script_id(803144);
script_version("$Revision: 6093 $");
script_cve_id("CVE-2012-6461", "CVE-2012-6462", "CVE-2012-6463", "CVE-2012-6464",
"CVE-2012-6465", "CVE-2012-6466", "CVE-2012-6467");
script_bugtraq_id(57121, 56407, 57120, 57132);
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $");
script_tag(name:"creation_date", value:"2013-01-07 15:57:32 +0530 (Mon, 07 Jan 2013)");
script_name("Opera Multiple Vulnerabilities-03 Jan13 (Windows)");
script_xref(name : "URL" , value : "http://www.opera.com/support/kb/view/1034/");
script_xref(name : "URL" , value : "http://www.opera.com/support/kb/view/1035/");
script_xref(name : "URL" , value : "http://www.opera.com/support/kb/view/1033/");
script_xref(name : "URL" , value : "http://www.opera.com/support/kb/view/1032/");
script_xref(name : "URL" , value : "http://www.opera.com/support/kb/view/1031/");
script_xref(name : "URL" , value : "http://www.opera.com/support/kb/view/1030/");
script_xref(name : "URL" , value : "http://www.opera.com/support/kb/view/1029/");
script_xref(name : "URL" , value : "http://www.opera.com/docs/changelogs/unified/1210/");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("General");
script_dependencies("secpod_opera_detection_win_900036.nasl");
script_require_keys("Opera/Win/Version");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
operaVer = "";
## Get Opera version from KB
operaVer = get_kb_item("Opera/Win/Version");
if(!operaVer){
exit(0);
}
## Check for opera versions prior to 12.10
if(version_is_less(version:operaVer, test_version:"12.10")){
security_message(0);
}
{"id": "OPENVAS:803144", "bulletinFamily": "scanner", "title": "Opera Multiple Vulnerabilities-03 Jan13 (Windows)", "description": "The host is installed with Opera and is prone to multiple\n vulnerabilities.", "published": "2013-01-07T00:00:00", "modified": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=803144", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["http://www.opera.com/docs/changelogs/unified/1210/", "http://www.opera.com/support/kb/view/1032/", "http://www.opera.com/support/kb/view/1030/", "http://www.opera.com/support/kb/view/1035/", "http://www.opera.com/support/kb/view/1029/", "http://www.opera.com/support/kb/view/1033/", "http://www.opera.com/support/kb/view/1031/", "http://www.opera.com/support/kb/view/1034/"], "cvelist": ["CVE-2012-6463", "CVE-2012-6466", "CVE-2012-6462", "CVE-2012-6467", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "type": "openvas", "lastseen": "2017-07-02T21:11:15", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "628f3a52f50186a3845155af46232b72"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "bb2747f4c94a990a47535ef3d7c8ab74"}, {"key": "href", "hash": "70c47c7e0d8156b460fcd2e3cc002997"}, {"key": "modified", "hash": "251f7e82e99b45e17b6cf8e939e6b119"}, {"key": "naslFamily", "hash": "0db377921f4ce762c62526131097968f"}, {"key": "pluginID", "hash": "dd2b5885cd67fe6ee8895b57a8600a5d"}, {"key": "published", "hash": "101b7284092e44eb79b50c654f2b8df1"}, {"key": "references", "hash": "f553fca4254ce599bcd3bc5726d41b3b"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "sourceData", "hash": "501a0fb681950bc577a6c9eb987e9893"}, {"key": "title", "hash": "4796d7114379c4aca3b8136699353962"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "b896f4a433e09d80667cc0a3742f84ca7839b02194fce0a63f1e10faa8a3fad6", "viewCount": 0, "enchantments": {"vulnersScore": 6.8}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_mult_vuln03_jan13_win.nasl 6093 2017-05-10 09:03:18Z teissa $\n#\n# Opera Multiple Vulnerabilities-03 Jan13 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker crash the browser leading to\n denial of service, execute the arbitrary code or disclose the information.\n Impact Level: System/Application\";\n\ntag_affected = \"Opera version before 12.10 on Windows\";\ntag_insight = \"- Internet shortcuts used for phishing in '<img>' elements.\n - Specially crafted WebP images can be used to disclose random chunks\n of memory.\n - Specially crafted SVG images can allow execution of arbitrary code.\n - Cross domain access to object constructors can be used to facilitate\n cross-site scripting.\n - Data URIs can be used to facilitate Cross-Site Scripting.\n - CORS requests can incorrectly retrieve contents of cross origin pages.\n - Certificate revocation service failure may cause Opera to show an\n unverified site as secur.\";\ntag_solution = \"Upgrade to Opera version 12.10 or later,\n For updates refer to http://www.opera.com/\";\ntag_summary = \"The host is installed with Opera and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803144);\n script_version(\"$Revision: 6093 $\");\n script_cve_id(\"CVE-2012-6461\", \"CVE-2012-6462\", \"CVE-2012-6463\", \"CVE-2012-6464\",\n \"CVE-2012-6465\", \"CVE-2012-6466\", \"CVE-2012-6467\");\n script_bugtraq_id(57121, 56407, 57120, 57132);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-07 15:57:32 +0530 (Mon, 07 Jan 2013)\");\n script_name(\"Opera Multiple Vulnerabilities-03 Jan13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1034/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1035/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1033/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1032/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1031/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1030/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1029/\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/unified/1210/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_win_900036.nasl\");\n script_require_keys(\"Opera/Win/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = \"\";\n\n## Get Opera version from KB\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\n## Check for opera versions prior to 12.10\nif(version_is_less(version:operaVer, test_version:\"12.10\")){\n security_message(0);\n}\n", "naslFamily": "General", "pluginID": "803144"}
{"result": {"cve": [{"id": "CVE-2012-6463", "type": "cve", "title": "CVE-2012-6463", "description": "Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.", "published": "2013-01-02T06:46:22", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6463", "cvelist": ["CVE-2012-6463"], "lastseen": "2017-11-09T12:22:40"}, {"id": "CVE-2012-6466", "type": "cve", "title": "CVE-2012-6466", "description": "Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.", "published": "2013-01-02T06:46:22", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6466", "cvelist": ["CVE-2012-6466"], "lastseen": "2017-11-09T12:22:40"}, {"id": "CVE-2012-6462", "type": "cve", "title": "CVE-2012-6462", "description": "Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.", "published": "2013-01-02T06:46:22", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6462", "cvelist": ["CVE-2012-6462"], "lastseen": "2017-11-09T12:22:40"}, {"id": "CVE-2012-6467", "type": "cve", "title": "CVE-2012-6467", "description": "Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.", "published": "2013-01-02T06:46:22", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6467", "cvelist": ["CVE-2012-6467"], "lastseen": "2017-11-09T12:22:40"}, {"id": "CVE-2012-6461", "type": "cve", "title": "CVE-2012-6461", "description": "The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.", "published": "2013-01-02T06:46:22", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6461", "cvelist": ["CVE-2012-6461"], "lastseen": "2017-11-09T12:22:40"}, {"id": "CVE-2012-6464", "type": "cve", "title": "CVE-2012-6464", "description": "Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.", "published": "2013-01-02T06:46:22", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6464", "cvelist": ["CVE-2012-6464"], "lastseen": "2017-11-09T12:22:40"}, {"id": "CVE-2012-6465", "type": "cve", "title": "CVE-2012-6465", "description": "Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.", "published": "2013-01-02T06:46:22", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6465", "cvelist": ["CVE-2012-6465"], "lastseen": "2017-11-09T12:22:40"}], "openvas": [{"id": "OPENVAS:1361412562310803146", "type": "openvas", "title": "Opera Multiple Vulnerabilities-03 Jan13 (Mac OS X)", "description": "The host is installed with Opera and is prone to multiple\n vulnerabilities.", "published": "2013-01-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803146", "cvelist": ["CVE-2012-6463", "CVE-2012-6466", "CVE-2012-6462", "CVE-2012-6467", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2018-04-06T11:22:57"}, {"id": "OPENVAS:1361412562310803145", "type": "openvas", "title": "Opera Multiple Vulnerabilities-03 Jan13 (Linux)", "description": "The host is installed with Opera and is prone to multiple\n vulnerabilities.", "published": "2013-01-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803145", "cvelist": ["CVE-2012-6463", "CVE-2012-6466", "CVE-2012-6462", "CVE-2012-6467", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2018-04-06T11:22:14"}, {"id": "OPENVAS:803145", "type": "openvas", "title": "Opera Multiple Vulnerabilities-03 Jan13 (Linux)", "description": "The host is installed with Opera and is prone to multiple\n vulnerabilities.", "published": "2013-01-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=803145", "cvelist": ["CVE-2012-6463", "CVE-2012-6466", "CVE-2012-6462", "CVE-2012-6467", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2017-07-02T21:11:11"}, {"id": "OPENVAS:803146", "type": "openvas", "title": "Opera Multiple Vulnerabilities-03 Jan13 (Mac OS X)", "description": "The host is installed with Opera and is prone to multiple\n vulnerabilities.", "published": "2013-01-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=803146", "cvelist": ["CVE-2012-6463", "CVE-2012-6466", "CVE-2012-6462", "CVE-2012-6467", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2017-07-02T21:11:17"}, {"id": "OPENVAS:1361412562310803144", "type": "openvas", "title": "Opera Multiple Vulnerabilities-03 Jan13 (Windows)", "description": "The host is installed with Opera and is prone to multiple\n vulnerabilities.", "published": "2013-01-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803144", "cvelist": ["CVE-2012-6463", "CVE-2012-6466", "CVE-2012-6462", "CVE-2012-6467", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2018-04-06T11:22:43"}, {"id": "OPENVAS:1361412562310121217", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201406-14", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201406-14", "published": "2015-09-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121217", "cvelist": ["CVE-2012-6472", "CVE-2013-1638", "CVE-2012-6470", "CVE-2012-6468", "CVE-2012-6469", "CVE-2012-6463", "CVE-2013-1639", "CVE-2012-6471", "CVE-2012-6466", "CVE-2013-1618", "CVE-2012-6462", "CVE-2012-6467", "CVE-2013-1637", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2018-04-09T11:26:05"}], "nessus": [{"id": "OPERA_1210.NASL", "type": "nessus", "title": "Opera < 12.10 Multiple Vulnerabilities", "description": "The version of Opera installed on the remote host is earlier than 12.10 and is, therefore, reportedly affected by the following vulnerabilities : \n\n - An error exists related to certificate revocation checking that can allow the application to indicate that a site is secure even though the check has not completed. (1029)\n\n - An error exists related to Cross-Origin Resource Sharing (CORS) handling that can allow specially crafted requests to aid in disclosing sensitive data. (1030)\n\n - An error exists related to data URIs that allows bypassing of the 'Same Origin Policy' and cross-site scripting attacks. (1031)\n\n - An error exists related to JavaScript and native objects that allows domains to override methods of other domains. This error can aid in cross-site scripting attacks. (1032)\n\n - An error exists related to SVG image handling that can result in arbitrary code execution. (1033)\n\n - An error exists related to the handling of shortcuts in inline elements that can cause the application to be redirected to malicious pages. This error can aid in phishing attacks. (1034)\n\n - An error exists related to the handling of 'WebP' images that can allow disclosure of memory contents.\n (1035)", "published": "2012-11-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=62821", "cvelist": ["CVE-2012-6463", "CVE-2012-6466", "CVE-2012-6462", "CVE-2012-6467", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2017-10-29T13:38:49"}, {"id": "GENTOO_GLSA-201406-14.NASL", "type": "nessus", "title": "GLSA-201406-14 : Opera: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201406-14 (Opera: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.\n Furthermore, a remote attacker may be able to obtain sensitive information, conduct Cross-Site Scripting (XSS) attacks, or bypass security restrictions.\n A local attacker may be able to obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "published": "2014-06-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76065", "cvelist": ["CVE-2012-6472", "CVE-2013-1638", "CVE-2012-6470", "CVE-2012-6468", "CVE-2012-6469", "CVE-2012-6463", "CVE-2013-1639", "CVE-2012-6471", "CVE-2012-6466", "CVE-2013-1618", "CVE-2012-6462", "CVE-2012-6467", "CVE-2013-1637", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2017-10-29T13:44:08"}], "gentoo": [{"id": "GLSA-201406-14", "type": "gentoo", "title": "Opera: Multiple vulnerabilities", "description": "### Background\n\nOpera is a fast web browser that is available free of charge.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information, conduct Cross-Site Scripting (XSS) attacks, or bypass security restrictions. \n\nA local attacker may be able to obtain sensitive information.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Opera users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/opera-12.13_p1734\"", "published": "2014-06-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201406-14", "cvelist": ["CVE-2012-6472", "CVE-2013-1638", "CVE-2012-6470", "CVE-2012-6468", "CVE-2012-6469", "CVE-2012-6463", "CVE-2013-1639", "CVE-2012-6471", "CVE-2012-6466", "CVE-2013-1618", "CVE-2012-6462", "CVE-2012-6467", "CVE-2013-1637", "CVE-2012-6461", "CVE-2012-6464", "CVE-2012-6465"], "lastseen": "2016-09-06T19:46:00"}]}}