VARIoT IoT vulnerabilities database

Twitter for iPhone is a Twitter client for the iPhone platform. There is a buffer overflow on the Twitter client under the iPhone platform that can be triggered by an infrequently used user profile location. No detailed vulnerability details are currently available. Twitter for iPhone is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions prior to Twiiter for iPhone 3.0.1 are vulnerable

The D-LINK DIR-615 is a router device. The D-LINK DIR-615 incorrectly comes with user-submitted input, and a remote attacker can exploit the vulnerability for cross-site scripting attacks to obtain sensitive information from the target user or unauthorized access to the device. D-LINK DIR-615 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NOTE: This issue may be related to one of the issues described in BID 28439

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374. Cisco Unified Wireless Network (UWN) Solution is prone to multiple security vulnerabilities, including denial of service, authentication bypass, information disclosure, unauthorized access, and an unspecified remote vulnerability. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable. A remote attacker can cause a denial of service attack (connection failure) by means of a series of forged EAPoL-Logoff frames

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. Cisco Unified Wireless Network (UWN) Solution is prone to multiple security vulnerabilities, including denial of service, authentication bypass, information disclosure, unauthorized access, and an unspecified remote vulnerability. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable. A remote attacker discovers a set of passwords through a series of SNMP requests

Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access. Cisco Unified Wireless Network (UWN) Solution There is a vulnerability in which access rights can be obtained because of the following controller. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. Exploiting these issues can allow an attacker to deny service to legitimate users, bypass security restrictions, gain unauthorized access, or execute arbitrary code. Other attacks may also be possible. Versions prior to Cisco Unified Wireless Network (UWN) 7.0.98.0 are vulnerable

WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 RELEASE DATE: 2011-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers. Weborf is a lightweight web server developed in C. Weborf has an error in processing part of the HTTP header field data. The attacker submits an HTTP header request containing a wide character to stop the service program from responding. Weborf is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Weborf 0.12.1 is vulnerable; prior versions may also be affected. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Weborf Header Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40322 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40322/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40322 RELEASE DATE: 2010-06-29 DISCUSS ADVISORY: http://secunia.com/advisories/40322/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40322/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40322 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service). This can be exploited to terminate an affected server via e.g. specially crafted HTTP headers containing wide characters. The vulnerability is reported in version 0.12.1. SOLUTION: Update to version 0.12.2. PROVIDED AND/OR DISCOVERED BY: Crash, DcLabs Security Group ORIGINAL ADVISORY: http://freshmeat.net/projects/weborf/releases/318531 http://code.google.com/p/weborf/source/browse/branches/0.12.2/CHANGELOG?spec=svn437&r=437 DcLabs Security Group: http://archives.neohapsis.com/archives/bugtraq/2010-06/0215.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Linksys WAP54Gv3 is a wireless router device. The Linksys WAP54Gv3 debug.cgi script is used to debug devices. As the POST variable data submitted by the user lacks sufficient filtering when returning the <textarea> tag of the output page, it can trigger a cross-site scripting attack. Linksys WAP54Gv3 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into visiting a malicious site. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The following firmware versions are vulnerable: 3.05.03 (Europe) 3.04.03 (US)

Multiple Fujitsu Interstage products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service (DoS) condition.A remote attacker could cause a denial of service (DoS) condition on the affected system.

Sysax Multi Server is an SSH2 and FTP server for Windows. There are multiple denial of service problems in the Sysax Multi Server SFTP module. Unsafe commands include \"open\", \"unlink\", \"mkdir\", etc., and long strings are not handled correctly. An attacker with valid login credentials can exploit these issues to cause the server to crash, resulting in a denial-of-service condition. Other attacks may also be possible. Sysax Multi Server 5.25 is vulnerable; prior versions may also be affected. Update (June 28, 2010): Assuming the server is running as 'admin', attackers can execute arbitrary code to compromise the application

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. Opera Web Browser is prone to multiple security vulnerabilities. The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available. Versions prior to Opera 10.54 are vulnerable. It supports multi-window browsing and a customizable user interface. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: June 15, 2012 Bugs: #264831, #283391, #290862, #293902, #294208, #294680, #308069, #324189, #325199, #326413, #332449, #348874, #352750, #367837, #373289, #381275, #386217, #387137, #393395, #409857, #415379, #421075 ID: 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Opera, the worst of which allow for the execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 12.00.1467 >= 12.00.1467 Description =========== Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround ========== There is no known workaround at this time. Resolution ========== All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467" References ========== [ 1 ] CVE-2009-1234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234 [ 2 ] CVE-2009-2059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059 [ 3 ] CVE-2009-2063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063 [ 4 ] CVE-2009-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067 [ 5 ] CVE-2009-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070 [ 6 ] CVE-2009-3013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013 [ 7 ] CVE-2009-3044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044 [ 8 ] CVE-2009-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045 [ 9 ] CVE-2009-3046 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046 [ 10 ] CVE-2009-3047 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047 [ 11 ] CVE-2009-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048 [ 12 ] CVE-2009-3049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049 [ 13 ] CVE-2009-3831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831 [ 14 ] CVE-2009-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071 [ 15 ] CVE-2009-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072 [ 16 ] CVE-2010-0653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653 [ 17 ] CVE-2010-1349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349 [ 18 ] CVE-2010-1989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989 [ 19 ] CVE-2010-1993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993 [ 20 ] CVE-2010-2121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121 [ 21 ] CVE-2010-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421 [ 22 ] CVE-2010-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455 [ 23 ] CVE-2010-2576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576 [ 24 ] CVE-2010-2658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658 [ 25 ] CVE-2010-2659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659 [ 26 ] CVE-2010-2660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660 [ 27 ] CVE-2010-2661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661 [ 28 ] CVE-2010-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662 [ 29 ] CVE-2010-2663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663 [ 30 ] CVE-2010-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664 [ 31 ] CVE-2010-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665 [ 32 ] CVE-2010-3019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019 [ 33 ] CVE-2010-3020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020 [ 34 ] CVE-2010-3021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021 [ 35 ] CVE-2010-4579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579 [ 36 ] CVE-2010-4580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580 [ 37 ] CVE-2010-4581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581 [ 38 ] CVE-2010-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582 [ 39 ] CVE-2010-4583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583 [ 40 ] CVE-2010-4584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584 [ 41 ] CVE-2010-4585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585 [ 42 ] CVE-2010-4586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586 [ 43 ] CVE-2011-0681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681 [ 44 ] CVE-2011-0682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682 [ 45 ] CVE-2011-0683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683 [ 46 ] CVE-2011-0684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684 [ 47 ] CVE-2011-0685 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685 [ 48 ] CVE-2011-0686 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686 [ 49 ] CVE-2011-0687 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687 [ 50 ] CVE-2011-1337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337 [ 51 ] CVE-2011-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824 [ 52 ] CVE-2011-2609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609 [ 53 ] CVE-2011-2610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610 [ 54 ] CVE-2011-2611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611 [ 55 ] CVE-2011-2612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612 [ 56 ] CVE-2011-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613 [ 57 ] CVE-2011-2614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614 [ 58 ] CVE-2011-2615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615 [ 59 ] CVE-2011-2616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616 [ 60 ] CVE-2011-2617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617 [ 61 ] CVE-2011-2618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618 [ 62 ] CVE-2011-2619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619 [ 63 ] CVE-2011-2620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620 [ 64 ] CVE-2011-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621 [ 65 ] CVE-2011-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622 [ 66 ] CVE-2011-2623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623 [ 67 ] CVE-2011-2624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624 [ 68 ] CVE-2011-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625 [ 69 ] CVE-2011-2626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626 [ 70 ] CVE-2011-2627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627 [ 71 ] CVE-2011-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628 [ 72 ] CVE-2011-2629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629 [ 73 ] CVE-2011-2630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630 [ 74 ] CVE-2011-2631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631 [ 75 ] CVE-2011-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632 [ 76 ] CVE-2011-2633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633 [ 77 ] CVE-2011-2634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634 [ 78 ] CVE-2011-2635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635 [ 79 ] CVE-2011-2636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636 [ 80 ] CVE-2011-2637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637 [ 81 ] CVE-2011-2638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638 [ 82 ] CVE-2011-2639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639 [ 83 ] CVE-2011-2640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640 [ 84 ] CVE-2011-2641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641 [ 85 ] CVE-2011-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388 [ 86 ] CVE-2011-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065 [ 87 ] CVE-2011-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681 [ 88 ] CVE-2011-4682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682 [ 89 ] CVE-2011-4683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683 [ 90 ] CVE-2012-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924 [ 91 ] CVE-2012-1925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925 [ 92 ] CVE-2012-1926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926 [ 93 ] CVE-2012-1927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927 [ 94 ] CVE-2012-1928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928 [ 95 ] CVE-2012-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930 [ 96 ] CVE-2012-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931 [ 97 ] CVE-2012-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555 [ 98 ] CVE-2012-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556 [ 99 ] CVE-2012-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557 [ 100 ] CVE-2012-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558 [ 101 ] CVE-2012-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560 [ 102 ] CVE-2012-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Opera Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA40250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 RELEASE DATE: 2010-06-24 DISCUSS ADVISORY: http://secunia.com/advisories/40250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities with an unknown impact have been reported in Opera. 1) A vulnerability is caused due to an unspecified error. 2) Another vulnerability is caused due to an unspecified error. 3) Another vulnerability is caused due to an unspecified error. 4) Another vulnerability is caused due to an unspecified error. SOLUTION: Update to version 10.54. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.opera.com/docs/changelogs/windows/1054/ http://www.opera.com/support/kb/view/954/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site.". Opera Web Browser is prone to multiple security vulnerabilities. The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available. Versions prior to Opera 10.54 are vulnerable. It supports multi-window browsing and a customizable user interface. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: June 15, 2012 Bugs: #264831, #283391, #290862, #293902, #294208, #294680, #308069, #324189, #325199, #326413, #332449, #348874, #352750, #367837, #373289, #381275, #386217, #387137, #393395, #409857, #415379, #421075 ID: 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Opera, the worst of which allow for the execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 12.00.1467 >= 12.00.1467 Description =========== Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround ========== There is no known workaround at this time. Resolution ========== All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467" References ========== [ 1 ] CVE-2009-1234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234 [ 2 ] CVE-2009-2059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059 [ 3 ] CVE-2009-2063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063 [ 4 ] CVE-2009-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067 [ 5 ] CVE-2009-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070 [ 6 ] CVE-2009-3013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013 [ 7 ] CVE-2009-3044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044 [ 8 ] CVE-2009-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045 [ 9 ] CVE-2009-3046 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046 [ 10 ] CVE-2009-3047 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047 [ 11 ] CVE-2009-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048 [ 12 ] CVE-2009-3049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049 [ 13 ] CVE-2009-3831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831 [ 14 ] CVE-2009-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071 [ 15 ] CVE-2009-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072 [ 16 ] CVE-2010-0653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653 [ 17 ] CVE-2010-1349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349 [ 18 ] CVE-2010-1989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989 [ 19 ] CVE-2010-1993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993 [ 20 ] CVE-2010-2121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121 [ 21 ] CVE-2010-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421 [ 22 ] CVE-2010-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455 [ 23 ] CVE-2010-2576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576 [ 24 ] CVE-2010-2658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658 [ 25 ] CVE-2010-2659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659 [ 26 ] CVE-2010-2660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660 [ 27 ] CVE-2010-2661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661 [ 28 ] CVE-2010-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662 [ 29 ] CVE-2010-2663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663 [ 30 ] CVE-2010-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664 [ 31 ] CVE-2010-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665 [ 32 ] CVE-2010-3019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019 [ 33 ] CVE-2010-3020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020 [ 34 ] CVE-2010-3021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021 [ 35 ] CVE-2010-4579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579 [ 36 ] CVE-2010-4580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580 [ 37 ] CVE-2010-4581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581 [ 38 ] CVE-2010-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582 [ 39 ] CVE-2010-4583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583 [ 40 ] CVE-2010-4584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584 [ 41 ] CVE-2010-4585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585 [ 42 ] CVE-2010-4586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586 [ 43 ] CVE-2011-0681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681 [ 44 ] CVE-2011-0682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682 [ 45 ] CVE-2011-0683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683 [ 46 ] CVE-2011-0684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684 [ 47 ] CVE-2011-0685 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685 [ 48 ] CVE-2011-0686 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686 [ 49 ] CVE-2011-0687 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687 [ 50 ] CVE-2011-1337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337 [ 51 ] CVE-2011-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824 [ 52 ] CVE-2011-2609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609 [ 53 ] CVE-2011-2610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610 [ 54 ] CVE-2011-2611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611 [ 55 ] CVE-2011-2612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612 [ 56 ] CVE-2011-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613 [ 57 ] CVE-2011-2614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614 [ 58 ] CVE-2011-2615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615 [ 59 ] CVE-2011-2616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616 [ 60 ] CVE-2011-2617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617 [ 61 ] CVE-2011-2618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618 [ 62 ] CVE-2011-2619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619 [ 63 ] CVE-2011-2620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620 [ 64 ] CVE-2011-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621 [ 65 ] CVE-2011-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622 [ 66 ] CVE-2011-2623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623 [ 67 ] CVE-2011-2624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624 [ 68 ] CVE-2011-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625 [ 69 ] CVE-2011-2626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626 [ 70 ] CVE-2011-2627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627 [ 71 ] CVE-2011-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628 [ 72 ] CVE-2011-2629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629 [ 73 ] CVE-2011-2630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630 [ 74 ] CVE-2011-2631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631 [ 75 ] CVE-2011-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632 [ 76 ] CVE-2011-2633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633 [ 77 ] CVE-2011-2634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634 [ 78 ] CVE-2011-2635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635 [ 79 ] CVE-2011-2636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636 [ 80 ] CVE-2011-2637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637 [ 81 ] CVE-2011-2638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638 [ 82 ] CVE-2011-2639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639 [ 83 ] CVE-2011-2640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640 [ 84 ] CVE-2011-2641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641 [ 85 ] CVE-2011-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388 [ 86 ] CVE-2011-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065 [ 87 ] CVE-2011-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681 [ 88 ] CVE-2011-4682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682 [ 89 ] CVE-2011-4683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683 [ 90 ] CVE-2012-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924 [ 91 ] CVE-2012-1925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925 [ 92 ] CVE-2012-1926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926 [ 93 ] CVE-2012-1927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927 [ 94 ] CVE-2012-1928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928 [ 95 ] CVE-2012-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930 [ 96 ] CVE-2012-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931 [ 97 ] CVE-2012-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555 [ 98 ] CVE-2012-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556 [ 99 ] CVE-2012-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557 [ 100 ] CVE-2012-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558 [ 101 ] CVE-2012-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560 [ 102 ] CVE-2012-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Opera Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA40250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 RELEASE DATE: 2010-06-24 DISCUSS ADVISORY: http://secunia.com/advisories/40250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities with an unknown impact have been reported in Opera. 1) A vulnerability is caused due to an unspecified error. 2) Another vulnerability is caused due to an unspecified error. 3) Another vulnerability is caused due to an unspecified error. 4) Another vulnerability is caused due to an unspecified error. SOLUTION: Update to version 10.54. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.opera.com/docs/changelogs/windows/1054/ http://www.opera.com/support/kb/view/954/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------