The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Opera

computer weakness alert CVE-2019-5849

Skia: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a read at an invalid address of Skia, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 03/09/2019.
Identifiers: CVE-2019-5849, DSA-4500-1, MFSA-2019-25, MFSA-2019-26, openSUSE-SU-2019:1848-1, openSUSE-SU-2019:1849-1, openSUSE-SU-2019:1853-1, openSUSE-SU-2019:1901-1, RHSA-2019:2427-01, USN-4122-1, VIGILANCE-VUL-30234.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address of Skia, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2018-18335

Skia: buffer overflow via Canvas 2D

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via Canvas 2D of Skia, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 14/02/2019.
Identifiers: CERTFR-2019-AVI-058, CVE-2018-18335, MFSA-2019-05, openSUSE-SU-2019:0202-1, openSUSE-SU-2019:0249-1, openSUSE-SU-2019:0250-1, openSUSE-SU-2019:0251-1, openSUSE-SU-2019:1162-1, SSA:2019-044-01, SSA:2019-045-01, SUSE-SU-2019:0469-1, SUSE-SU-2019:0852-1, SUSE-SU-2019:0853-1, SUSE-SU-2019:0871-1, VIGILANCE-VUL-28511.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a buffer overflow via Canvas 2D of Skia, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security threat CVE-2018-18356

Skia: use after free via Path Creation

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Path Creation of Skia, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 13/02/2019.
Identifiers: bulletinapr2019, bulletinjan2019, CERTFR-2019-AVI-058, CVE-2018-18356, DLA-1677-1, DLA-1678-1, DSA-4391-1, DSA-4392-1, MFSA-2019-04, MFSA-2019-05, openSUSE-SU-2019:0202-1, openSUSE-SU-2019:0248-1, openSUSE-SU-2019:0249-1, openSUSE-SU-2019:0250-1, openSUSE-SU-2019:0251-1, openSUSE-SU-2019:1162-1, RHSA-2019:0373-01, RHSA-2019:0374-01, SSA:2019-044-01, SSA:2019-045-01, SUSE-SU-2019:0469-1, SUSE-SU-2019:0852-1, SUSE-SU-2019:0853-1, SUSE-SU-2019:0871-1, USN-3896-1, USN-3897-1, VIGILANCE-VUL-28501.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via Path Creation of Skia, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2018-20346 CVE-2018-20505 CVE-2018-20506

SQLite, Chrome: memory corruption via FTS3 Query

Synthesis of the vulnerability

An attacker can generate a memory corruption via a FTS3 query of SQLite, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/12/2018.
Identifiers: CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, DLA-1613-1, DSA-4352-1, FEDORA-2018-5f91fbf4fd, FEDORA-2018-ccbe8b931c, FEDORA-2019-49f80a78bc, FreeBSD-EN-19:03.sqlite, HT209443, HT209446, Magellan, openSUSE-SU-2018:4056-1, openSUSE-SU-2018:4122-1, openSUSE-SU-2018:4142-1, openSUSE-SU-2018:4143-1, openSUSE-SU-2019:1159-1, openSUSE-SU-2019:1222-1, RHSA-2018:3803-01, SUSE-SU-2019:0913-1, SUSE-SU-2019:0973-1, SUSE-SU-2019:14003-1, Synology-SA-18:61, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28027.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The FTS3/FTS4 extension of SQLite can be used to create tables with text indexes.

However, a series of special SQL queries using FTS3 triggers a memory corruption in the ext/fts3/fts3.c file. An access to a SQL session is thus needed for the attacker.

It can be noted that the Chrome browser supports SQL queries via WebSQL implemented with SQLite, so it is also vulnerable via a web page.

An attacker can therefore generate a memory corruption via a FTS3 query of SQLite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-17481

Chrome: use after free via PDFium

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via PDFium of Chrome, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 13/12/2018.
Identifiers: CERTFR-2018-AVI-599, CVE-2018-17481, DSA-4395-1, DSA-4395-2, openSUSE-SU-2018:4142-1, openSUSE-SU-2018:4143-1, VIGILANCE-VUL-28022.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via PDFium of Chrome, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2018-17479

Chrome: use after free via GPU

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via GPU of Chrome, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 20/11/2018.
Identifiers: CERTFR-2018-AVI-562, CVE-2018-17479, openSUSE-SU-2018:3871-1, openSUSE-SU-2018:3872-1, RHSA-2018:3648-01, VIGILANCE-VUL-27840.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via GPU of Chrome, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-17478

Chrome: out-of-bounds memory reading via V8

Synthesis of the vulnerability

An attacker can force a read at an invalid address via V8 of Chrome, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 12/11/2018.
Identifiers: CERTFR-2018-AVI-540, CVE-2018-17478, DSA-4340-1, openSUSE-SU-2018:3805-1, openSUSE-SU-2018:3835-1, openSUSE-SU-2018:3837-1, RHSA-2018:3648-01, VIGILANCE-VUL-27757.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via V8 of Chrome, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-16083

WebRTC.org: out-of-bounds memory reading via FEC

Synthesis of the vulnerability

An attacker can force a read at an invalid address via FEC of WebRTC.org, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 21/09/2018.
Identifiers: 1606, CVE-2018-16083, openSUSE-SU-2018:2664-2, VIGILANCE-VUL-27291.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via FEC of WebRTC.org, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security note CVE-2018-16071

WebRTC.org: use after free via VP9

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via VP9 of WebRTC.org, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 21/09/2018.
Identifiers: 1601, CVE-2018-16071, openSUSE-SU-2018:2664-2, VIGILANCE-VUL-27290.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via VP9 of WebRTC.org, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce 27254

Google Chrome: vulnerability

Synthesis of the vulnerability

A vulnerability of Google Chrome was announced.
Severity: 2/4.
Creation date: 18/09/2018.
Identifiers: CERTFR-2018-AVI-442, openSUSE-SU-2018:2728-2, openSUSE-SU-2018:2753-1, openSUSE-SU-2018:2754-1, openSUSE-SU-2018:2754-2, VIGILANCE-VUL-27254.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A vulnerability of Google Chrome was announced.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Opera: