VARIoT IoT vulnerabilities database

VAR-201008-0346 | CVE-2010-2975 | Cisco UWN Solution Password read vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible.
Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable
VAR-201008-0350 | CVE-2010-2979 | Cisco UWN Solution Denial of service in Japan (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.
Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible.
Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable
VAR-201008-0351 | CVE-2010-2980 | Cisco UWN Solution Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.
Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible.
Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable
VAR-201008-0347 | CVE-2010-2976 | Cisco UWN Solution Vulnerabilities that allow access rights to be acquired in other controllers |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access. As a result of these controller defaults, access rights can be obtained in Cisco Unified Wireless Network (UWN) Solution.
Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible.
VAR-201008-0349 | CVE-2010-2978 | Cisco UWN Solution Vulnerable to access restrictions |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.
Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible.
Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable
VAR-201008-0348 | CVE-2010-2977 | Cisco UWN Solution Vulnerabilities in unknown details |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible.
Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable
VAR-201008-0352 | CVE-2010-2981 | Cisco UWN Solution Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.
Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible.
Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable
VAR-201006-0463 | CVE-2010-2441 | WebKit Vulnerable to reading keystrokes |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY:
SUSE-SR:2011:002:
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-201006-0457 | CVE-2010-2435 | Weborf HTTP Server Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers. Weborf is a lightweight web server developed in C. Weborf has an error in processing part of the HTTP header field data: an attacker can submit an HTTP request whose header contains a wide character to make the service stop responding. Weborf is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users.
Weborf 0.12.1 is vulnerable; prior versions may also be affected.
----------------------------------------------------------------------
TITLE:
Weborf Header Processing Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA40322
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40322/
RELEASE DATE:
2010-06-29
DESCRIPTION:
A vulnerability has been reported in Weborf, which can be exploited
by malicious people to cause a DoS (Denial of Service). This can be exploited to terminate an affected server
via e.g. specially crafted HTTP headers containing wide characters.
The vulnerability is reported in version 0.12.1.
SOLUTION:
Update to version 0.12.2.
PROVIDED AND/OR DISCOVERED BY:
Crash, DcLabs Security Group
ORIGINAL ADVISORY:
http://freshmeat.net/projects/weborf/releases/318531
http://code.google.com/p/weborf/source/browse/branches/0.12.2/CHANGELOG?spec=svn437&r=437
DcLabs Security Group:
http://archives.neohapsis.com/archives/bugtraq/2010-06/0215.html
VAR-201006-0504 | No CVE | Linksys WAP54Gv3 Wireless Router 'debug.cgi' Cross-Site Scripting Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Linksys WAP54Gv3 is a wireless router device. The Linksys WAP54Gv3 debug.cgi script is used to debug devices. Because POST variable data submitted by the user is not sufficiently filtered before it is returned inside the <textarea> tag of the output page, it can trigger a cross-site scripting attack. Linksys WAP54Gv3 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attackers may exploit this issue by enticing victims into visiting a malicious site.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following firmware versions are vulnerable:
3.05.03 (Europe)
3.04.03 (US)
VAR-201006-0687 | No CVE | Multiple Fujitsu Interstage Products Unspecified Cross Site Scripting Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Multiple Fujitsu Interstage products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201006-0513 | No CVE | TP1/Message Control Denial of Service (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service (DoS) condition. A remote attacker could cause a denial of service (DoS) condition on the affected system.
VAR-201006-0506 | No CVE | Sysax Multi Server 'SFTP' Module Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Sysax Multi Server is an SSH2 and FTP server for Windows. There are multiple denial of service problems in the Sysax Multi Server SFTP module. Unsafe commands include "open", "unlink", "mkdir", etc., and long strings are not handled correctly.
An attacker with valid login credentials can exploit these issues to cause the server to crash, resulting in a denial-of-service condition. Other attacks may also be possible.
Sysax Multi Server 5.25 is vulnerable; prior versions may also be affected.
Update (June 28, 2010): Assuming the server is running as 'admin', attackers can execute arbitrary code to compromise the application.
VAR-201007-0153 | CVE-2010-2661 | Opera Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. Opera supports multi-window browsing and a customizable user interface.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: June 15, 2012
Bugs: #264831, #283391, #290862, #293902, #294208, #294680,
#308069, #324189, #325199, #326413, #332449, #348874,
#352750, #367837, #373289, #381275, #386217, #387137,
#393395, #409857, #415379, #421075
ID: 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
allow for the execution of arbitrary code.
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/opera         < 12.00.1467             >= 12.00.1467
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition. A remote
attacker may be able to: trick users into downloading and executing
arbitrary files, bypass intended access restrictions, spoof trusted
content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
information, force subscriptions to arbitrary feeds, bypass the popup
blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
have other unknown impact.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application or
possibly obtain sensitive information.
A physically proximate attacker may be able to access an email account.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
References
==========
[ 1 ] CVE-2009-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234
[ 2 ] CVE-2009-2059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059
[ 3 ] CVE-2009-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063
[ 4 ] CVE-2009-2067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067
[ 5 ] CVE-2009-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070
[ 6 ] CVE-2009-3013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013
[ 7 ] CVE-2009-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044
[ 8 ] CVE-2009-3045
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045
[ 9 ] CVE-2009-3046
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046
[ 10 ] CVE-2009-3047
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047
[ 11 ] CVE-2009-3048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048
[ 12 ] CVE-2009-3049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049
[ 13 ] CVE-2009-3831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831
[ 14 ] CVE-2009-4071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071
[ 15 ] CVE-2009-4072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072
[ 16 ] CVE-2010-0653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653
[ 17 ] CVE-2010-1349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349
[ 18 ] CVE-2010-1989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989
[ 19 ] CVE-2010-1993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993
[ 20 ] CVE-2010-2121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121
[ 21 ] CVE-2010-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421
[ 22 ] CVE-2010-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455
[ 23 ] CVE-2010-2576
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576
[ 24 ] CVE-2010-2658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658
[ 25 ] CVE-2010-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659
[ 26 ] CVE-2010-2660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660
[ 27 ] CVE-2010-2661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661
[ 28 ] CVE-2010-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662
[ 29 ] CVE-2010-2663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663
[ 30 ] CVE-2010-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664
[ 31 ] CVE-2010-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665
[ 32 ] CVE-2010-3019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019
[ 33 ] CVE-2010-3020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020
[ 34 ] CVE-2010-3021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021
[ 35 ] CVE-2010-4579
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579
[ 36 ] CVE-2010-4580
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580
[ 37 ] CVE-2010-4581
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581
[ 38 ] CVE-2010-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582
[ 39 ] CVE-2010-4583
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583
[ 40 ] CVE-2010-4584
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584
[ 41 ] CVE-2010-4585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585
[ 42 ] CVE-2010-4586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586
[ 43 ] CVE-2011-0681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681
[ 44 ] CVE-2011-0682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682
[ 45 ] CVE-2011-0683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683
[ 46 ] CVE-2011-0684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684
[ 47 ] CVE-2011-0685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685
[ 48 ] CVE-2011-0686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686
[ 49 ] CVE-2011-0687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687
[ 50 ] CVE-2011-1337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337
[ 51 ] CVE-2011-1824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824
[ 52 ] CVE-2011-2609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609
[ 53 ] CVE-2011-2610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610
[ 54 ] CVE-2011-2611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611
[ 55 ] CVE-2011-2612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612
[ 56 ] CVE-2011-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613
[ 57 ] CVE-2011-2614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614
[ 58 ] CVE-2011-2615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615
[ 59 ] CVE-2011-2616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616
[ 60 ] CVE-2011-2617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617
[ 61 ] CVE-2011-2618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618
[ 62 ] CVE-2011-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619
[ 63 ] CVE-2011-2620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620
[ 64 ] CVE-2011-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621
[ 65 ] CVE-2011-2622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622
[ 66 ] CVE-2011-2623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623
[ 67 ] CVE-2011-2624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624
[ 68 ] CVE-2011-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625
[ 69 ] CVE-2011-2626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626
[ 70 ] CVE-2011-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627
[ 71 ] CVE-2011-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628
[ 72 ] CVE-2011-2629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629
[ 73 ] CVE-2011-2630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630
[ 74 ] CVE-2011-2631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631
[ 75 ] CVE-2011-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632
[ 76 ] CVE-2011-2633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633
[ 77 ] CVE-2011-2634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634
[ 78 ] CVE-2011-2635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635
[ 79 ] CVE-2011-2636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636
[ 80 ] CVE-2011-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637
[ 81 ] CVE-2011-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638
[ 82 ] CVE-2011-2639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639
[ 83 ] CVE-2011-2640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640
[ 84 ] CVE-2011-2641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641
[ 85 ] CVE-2011-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388
[ 86 ] CVE-2011-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065
[ 87 ] CVE-2011-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681
[ 88 ] CVE-2011-4682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682
[ 89 ] CVE-2011-4683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683
[ 90 ] CVE-2012-1924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924
[ 91 ] CVE-2012-1925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925
[ 92 ] CVE-2012-1926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926
[ 93 ] CVE-2012-1927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927
[ 94 ] CVE-2012-1928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928
[ 95 ] CVE-2012-1930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930
[ 96 ] CVE-2012-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931
[ 97 ] CVE-2012-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555
[ 98 ] CVE-2012-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556
[ 99 ] CVE-2012-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557
[ 100 ] CVE-2012-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558
[ 101 ] CVE-2012-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560
[ 102 ] CVE-2012-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Opera Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA40250
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40250/
RELEASE DATE:
2010-06-24
DESCRIPTION:
Some vulnerabilities with an unknown impact have been reported in
Opera.
1) A vulnerability is caused due to an unspecified error.
2) Another vulnerability is caused due to an unspecified error.
3) Another vulnerability is caused due to an unspecified error.
4) Another vulnerability is caused due to an unspecified error.
SOLUTION:
Update to version 10.54.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.opera.com/docs/changelogs/windows/1054/
http://www.opera.com/support/kb/view/954/
VAR-201006-1178 | CVE-2010-2665 | Opera In URI Processing cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. Opera supports multi-window browsing and a customizable user interface.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: June 15, 2012
Bugs: #264831, #283391, #290862, #293902, #294208, #294680,
#308069, #324189, #325199, #326413, #332449, #348874,
#352750, #367837, #373289, #381275, #386217, #387137,
#393395, #409857, #415379, #421075
ID: 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
allow for the execution of arbitrary code.
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/opera         < 12.00.1467             >= 12.00.1467
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition. A remote
attacker may be able to: trick users into downloading and executing
arbitrary files, bypass intended access restrictions, spoof trusted
content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
information, force subscriptions to arbitrary feeds, bypass the popup
blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
have other unknown impact.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application or
possibly obtain sensitive information.
A physically proximate attacker may be able to access an email account.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
References
==========
[ 1 ] CVE-2009-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234
[ 2 ] CVE-2009-2059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059
[ 3 ] CVE-2009-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063
[ 4 ] CVE-2009-2067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067
[ 5 ] CVE-2009-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070
[ 6 ] CVE-2009-3013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013
[ 7 ] CVE-2009-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044
[ 8 ] CVE-2009-3045
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045
[ 9 ] CVE-2009-3046
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046
[ 10 ] CVE-2009-3047
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047
[ 11 ] CVE-2009-3048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048
[ 12 ] CVE-2009-3049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049
[ 13 ] CVE-2009-3831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831
[ 14 ] CVE-2009-4071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071
[ 15 ] CVE-2009-4072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072
[ 16 ] CVE-2010-0653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653
[ 17 ] CVE-2010-1349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349
[ 18 ] CVE-2010-1989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989
[ 19 ] CVE-2010-1993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993
[ 20 ] CVE-2010-2121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121
[ 21 ] CVE-2010-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421
[ 22 ] CVE-2010-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455
[ 23 ] CVE-2010-2576
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576
[ 24 ] CVE-2010-2658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658
[ 25 ] CVE-2010-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659
[ 26 ] CVE-2010-2660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660
[ 27 ] CVE-2010-2661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661
[ 28 ] CVE-2010-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662
[ 29 ] CVE-2010-2663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663
[ 30 ] CVE-2010-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664
[ 31 ] CVE-2010-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665
[ 32 ] CVE-2010-3019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019
[ 33 ] CVE-2010-3020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020
[ 34 ] CVE-2010-3021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021
[ 35 ] CVE-2010-4579
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579
[ 36 ] CVE-2010-4580
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580
[ 37 ] CVE-2010-4581
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581
[ 38 ] CVE-2010-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582
[ 39 ] CVE-2010-4583
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583
[ 40 ] CVE-2010-4584
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584
[ 41 ] CVE-2010-4585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585
[ 42 ] CVE-2010-4586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586
[ 43 ] CVE-2011-0681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681
[ 44 ] CVE-2011-0682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682
[ 45 ] CVE-2011-0683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683
[ 46 ] CVE-2011-0684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684
[ 47 ] CVE-2011-0685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685
[ 48 ] CVE-2011-0686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686
[ 49 ] CVE-2011-0687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687
[ 50 ] CVE-2011-1337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337
[ 51 ] CVE-2011-1824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824
[ 52 ] CVE-2011-2609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609
[ 53 ] CVE-2011-2610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610
[ 54 ] CVE-2011-2611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611
[ 55 ] CVE-2011-2612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612
[ 56 ] CVE-2011-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613
[ 57 ] CVE-2011-2614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614
[ 58 ] CVE-2011-2615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615
[ 59 ] CVE-2011-2616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616
[ 60 ] CVE-2011-2617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617
[ 61 ] CVE-2011-2618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618
[ 62 ] CVE-2011-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619
[ 63 ] CVE-2011-2620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620
[ 64 ] CVE-2011-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621
[ 65 ] CVE-2011-2622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622
[ 66 ] CVE-2011-2623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623
[ 67 ] CVE-2011-2624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624
[ 68 ] CVE-2011-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625
[ 69 ] CVE-2011-2626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626
[ 70 ] CVE-2011-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627
[ 71 ] CVE-2011-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628
[ 72 ] CVE-2011-2629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629
[ 73 ] CVE-2011-2630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630
[ 74 ] CVE-2011-2631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631
[ 75 ] CVE-2011-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632
[ 76 ] CVE-2011-2633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633
[ 77 ] CVE-2011-2634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634
[ 78 ] CVE-2011-2635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635
[ 79 ] CVE-2011-2636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636
[ 80 ] CVE-2011-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637
[ 81 ] CVE-2011-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638
[ 82 ] CVE-2011-2639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639
[ 83 ] CVE-2011-2640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640
[ 84 ] CVE-2011-2641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641
[ 85 ] CVE-2011-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388
[ 86 ] CVE-2011-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065
[ 87 ] CVE-2011-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681
[ 88 ] CVE-2011-4682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682
[ 89 ] CVE-2011-4683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683
[ 90 ] CVE-2012-1924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924
[ 91 ] CVE-2012-1925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925
[ 92 ] CVE-2012-1926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926
[ 93 ] CVE-2012-1927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927
[ 94 ] CVE-2012-1928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928
[ 95 ] CVE-2012-1930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930
[ 96 ] CVE-2012-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931
[ 97 ] CVE-2012-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555
[ 98 ] CVE-2012-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556
[ 99 ] CVE-2012-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557
[ 100 ] CVE-2012-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558
[ 101 ] CVE-2012-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560
[ 102 ] CVE-2012-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Opera Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA40250
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40250/
RELEASE DATE:
2010-06-24
DESCRIPTION:
Some vulnerabilities with an unknown impact have been reported in
Opera.
1) A vulnerability is caused due to an unspecified error.
2) Another vulnerability is caused due to an unspecified error.
3) Another vulnerability is caused due to an unspecified error.
4) Another vulnerability is caused due to an unspecified error.
SOLUTION:
Update to version 10.54.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.opera.com/docs/changelogs/windows/1054/
http://www.opera.com/support/kb/view/954/
VAR-201006-1175 | CVE-2010-1407 | Apple iOS of WebKit Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. WebKit is prone to a remote information-disclosure vulnerability.
Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
----------------------------------------------------------------------
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
VAR-201006-1130 | CVE-2010-2660 | Opera In IDN Vulnerability impersonating a domain |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. It supports multi-window browsing and a customizable user interface.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: June 15, 2012
Bugs: #264831, #283391, #290862, #293902, #294208, #294680,
#308069, #324189, #325199, #326413, #332449, #348874,
#352750, #367837, #373289, #381275, #386217, #387137,
#393395, #409857, #415379, #421075
ID: 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
allow for the execution of arbitrary code.
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/opera          < 12.00.1467            >= 12.00.1467
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition. A remote
attacker may be able to: trick users into downloading and executing
arbitrary files, bypass intended access restrictions, spoof trusted
content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
information, force subscriptions to arbitrary feeds, bypass the popup
blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
have other unknown impact.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application or
possibly obtain sensitive information.
A physically proximate attacker may be able to access an email account.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
References
==========
[ 1 ] CVE-2009-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234
[ 2 ] CVE-2009-2059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059
[ 3 ] CVE-2009-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063
[ 4 ] CVE-2009-2067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067
[ 5 ] CVE-2009-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070
[ 6 ] CVE-2009-3013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013
[ 7 ] CVE-2009-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044
[ 8 ] CVE-2009-3045
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045
[ 9 ] CVE-2009-3046
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046
[ 10 ] CVE-2009-3047
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047
[ 11 ] CVE-2009-3048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048
[ 12 ] CVE-2009-3049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049
[ 13 ] CVE-2009-3831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831
[ 14 ] CVE-2009-4071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071
[ 15 ] CVE-2009-4072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072
[ 16 ] CVE-2010-0653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653
[ 17 ] CVE-2010-1349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349
[ 18 ] CVE-2010-1989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989
[ 19 ] CVE-2010-1993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993
[ 20 ] CVE-2010-2121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121
[ 21 ] CVE-2010-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421
[ 22 ] CVE-2010-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455
[ 23 ] CVE-2010-2576
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576
[ 24 ] CVE-2010-2658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658
[ 25 ] CVE-2010-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659
[ 26 ] CVE-2010-2660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660
[ 27 ] CVE-2010-2661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661
[ 28 ] CVE-2010-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662
[ 29 ] CVE-2010-2663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663
[ 30 ] CVE-2010-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664
[ 31 ] CVE-2010-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665
[ 32 ] CVE-2010-3019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019
[ 33 ] CVE-2010-3020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020
[ 34 ] CVE-2010-3021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021
[ 35 ] CVE-2010-4579
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579
[ 36 ] CVE-2010-4580
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580
[ 37 ] CVE-2010-4581
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581
[ 38 ] CVE-2010-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582
[ 39 ] CVE-2010-4583
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583
[ 40 ] CVE-2010-4584
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584
[ 41 ] CVE-2010-4585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585
[ 42 ] CVE-2010-4586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586
[ 43 ] CVE-2011-0681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681
[ 44 ] CVE-2011-0682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682
[ 45 ] CVE-2011-0683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683
[ 46 ] CVE-2011-0684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684
[ 47 ] CVE-2011-0685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685
[ 48 ] CVE-2011-0686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686
[ 49 ] CVE-2011-0687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687
[ 50 ] CVE-2011-1337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337
[ 51 ] CVE-2011-1824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824
[ 52 ] CVE-2011-2609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609
[ 53 ] CVE-2011-2610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610
[ 54 ] CVE-2011-2611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611
[ 55 ] CVE-2011-2612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612
[ 56 ] CVE-2011-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613
[ 57 ] CVE-2011-2614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614
[ 58 ] CVE-2011-2615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615
[ 59 ] CVE-2011-2616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616
[ 60 ] CVE-2011-2617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617
[ 61 ] CVE-2011-2618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618
[ 62 ] CVE-2011-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619
[ 63 ] CVE-2011-2620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620
[ 64 ] CVE-2011-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621
[ 65 ] CVE-2011-2622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622
[ 66 ] CVE-2011-2623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623
[ 67 ] CVE-2011-2624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624
[ 68 ] CVE-2011-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625
[ 69 ] CVE-2011-2626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626
[ 70 ] CVE-2011-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627
[ 71 ] CVE-2011-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628
[ 72 ] CVE-2011-2629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629
[ 73 ] CVE-2011-2630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630
[ 74 ] CVE-2011-2631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631
[ 75 ] CVE-2011-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632
[ 76 ] CVE-2011-2633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633
[ 77 ] CVE-2011-2634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634
[ 78 ] CVE-2011-2635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635
[ 79 ] CVE-2011-2636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636
[ 80 ] CVE-2011-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637
[ 81 ] CVE-2011-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638
[ 82 ] CVE-2011-2639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639
[ 83 ] CVE-2011-2640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640
[ 84 ] CVE-2011-2641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641
[ 85 ] CVE-2011-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388
[ 86 ] CVE-2011-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065
[ 87 ] CVE-2011-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681
[ 88 ] CVE-2011-4682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682
[ 89 ] CVE-2011-4683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683
[ 90 ] CVE-2012-1924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924
[ 91 ] CVE-2012-1925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925
[ 92 ] CVE-2012-1926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926
[ 93 ] CVE-2012-1927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927
[ 94 ] CVE-2012-1928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928
[ 95 ] CVE-2012-1930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930
[ 96 ] CVE-2012-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931
[ 97 ] CVE-2012-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555
[ 98 ] CVE-2012-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556
[ 99 ] CVE-2012-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557
[ 100 ] CVE-2012-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558
[ 101 ] CVE-2012-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560
[ 102 ] CVE-2012-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE:
Opera Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA40250
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40250/
RELEASE DATE:
2010-06-24
DESCRIPTION:
Some vulnerabilities with an unknown impact have been reported in
Opera.
1) A vulnerability is caused due to an unspecified error.
2) Another vulnerability is caused due to an unspecified error.
3) Another vulnerability is caused due to an unspecified error.
4) Another vulnerability is caused due to an unspecified error.
SOLUTION:
Update to version 10.54.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.opera.com/docs/changelogs/windows/1054/
http://www.opera.com/support/kb/view/954/
VAR-201006-1120 | CVE-2010-2666 | Opera on Windows and Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. Opera Web Browser is prone to multiple security vulnerabilities.
The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available.
Versions prior to Opera 10.54 are vulnerable. It supports multi-window browsing and a customizable user interface.
VAR-201006-0329 | CVE-2010-1756 | Apple iOS Vulnerabilities that allow users to track users in the settings application |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired.
This may lead to a false sense of security, which may aid in further attacks.
NOTE: This BID was previously covered in BID 41016 (Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.
VAR-201006-0328 | CVE-2010-1755 | Apple iOS Safari vulnerability that allows remote web servers to track users |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. Apple Safari for iOS is prone to a security-bypass vulnerability that allows unauthorized access to cookies.
NOTE: This BID was previously covered in BID 41016 (Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components.
Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.
Versions prior to iOS 4 are vulnerable.
This BID is being retired. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad.