The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Opera Web browser

vulnerability bulletin CVE-2017-5130

libxml2: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Chrome, openSUSE Leap, Opera, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/11/2017.
Identifiers: CVE-2017-5130, DLA-1188-1, openSUSE-SU-2017:3245-1, openSUSE-SU-2018:0418-1, VIGILANCE-VUL-24523.

Description of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-15396

V8: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of V8, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 27/10/2017.
Identifiers: CERTFR-2017-AVI-382, CVE-2017-15396, DSA-4020-1, FEDORA-2018-faff5f661e, openSUSE-SU-2017:2902-1, openSUSE-SU-2017:3245-1, RHSA-2017:3082-01, VIGILANCE-VUL-24258.

Description of the vulnerability

An attacker can generate a buffer overflow of V8, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-15386 CVE-2017-15387 CVE-2017-15388

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 19.
Creation date: 18/10/2017.
Identifiers: CERTFR-2017-AVI-364, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133, DSA-4020-1, FEDORA-2017-15b815b9b7, FEDORA-2017-4d90e9fc97, FEDORA-2017-9015553e3d, FEDORA-2017-f2f3fa09e3, FG-VD-17-154, openSUSE-SU-2017:2902-1, openSUSE-SU-2017:3245-1, RHSA-2017:2997-01, VIGILANCE-VUL-24168.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-5121 CVE-2017-5122

Google Chrome: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/09/2017.
Identifiers: CERTFR-2017-AVI-318, CVE-2017-5121, CVE-2017-5122, DSA-3985-1, FEDORA-2017-efeb59171d, openSUSE-SU-2017:2557-1, openSUSE-SU-2017:2558-1, RHSA-2017:2792-01, VIGILANCE-VUL-23907.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can generate a memory corruption via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5121]

An attacker can generate a memory corruption via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5122]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-5111 CVE-2017-5112 CVE-2017-5113

Google Chrome: multiple vulnerabilities of September 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 06/09/2017.
Identifiers: CERTFR-2017-AVI-284, CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, DSA-3985-1, FEDORA-2017-4f9bb0861b, FEDORA-2017-580f91f6b0, FEDORA-2017-9a7e562fca, FEDORA-2017-efeb59171d, openSUSE-SU-2017:2482-1, openSUSE-SU-2017:2491-1, RHSA-2017:2676-01, VIGILANCE-VUL-23742.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-7000

SQLite: information disclosure via Pointer Disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Pointer Disclosure of SQLite, in order to obtain sensitive information.
Impacted products: Mac OS X, Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SQLite, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 16/08/2017.
Identifiers: 1475207, CVE-2017-7000, DSA-3926-1, FEDORA-2017-571e659c85, FEDORA-2017-5f2b220c7c, FEDORA-2017-c708c044e3, FEDORA-2017-f79ae2b96f, HT207797, openSUSE-SU-2017:1993-1, openSUSE-SU-2017:1994-1, RHSA-2017:1833-01, VIGILANCE-VUL-23528.

Description of the vulnerability

An attacker can bypass access restrictions to data via Pointer Disclosure of SQLite, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-5091 CVE-2017-5092 CVE-2017-5093

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 26/07/2017.
Identifiers: CERTFR-2017-AVI-236, CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, DSA-3926-1, FEDORA-2017-4f9bb0861b, FEDORA-2017-580f91f6b0, FEDORA-2017-9a7e562fca, FEDORA-2017-c708c044e3, FEDORA-2017-f79ae2b96f, openSUSE-SU-2017:1993-1, openSUSE-SU-2017:1994-1, RHSA-2017:1833-01, VIGILANCE-VUL-23365.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-9417

Broadcom BCM43xx: code execution via Wi-Fi

Synthesis of the vulnerability

An attacker can use a vulnerability via Wi-Fi of Broadcom BCM43xx, in order to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, Android OS, Chrome, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Opera.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: radio connection.
Creation date: 20/07/2017.
Identifiers: APPLE-SA-2017-07-19-1, APPLE-SA-2017-07-19-2, Broadpwn, CERTFR-2017-AVI-244, CVE-2017-9417, DLA-1573-1, FEDORA-2017-355ac8a91a, FEDORA-2017-a253644369, HT207922, VIGILANCE-VUL-23300.

Description of the vulnerability

An attacker can use a vulnerability via Wi-Fi of Broadcom BCM43xx, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-5203 CVE-2016-5204 CVE-2016-5205

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 28.
Creation date: 02/12/2016.
Revisions dates: 01/02/2017, 15/06/2017.
Identifiers: 1000, 994, CERTFR-2016-AVI-394, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:3108-1, openSUSE-SU-2017:0434-1, openSUSE-SU-2017:0563-1, openSUSE-SU-2017:0565-1, RHSA-2016:2919-01, USN-3153-1, VIGILANCE-VUL-21255.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can bypass security features via V8, in order to obtain sensitive information. [severity:3/4; CVE-2016-9651]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5208]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5207]

An attacker can bypass the origin check via PDFium, in order to access to victim's data. [severity:3/4; CVE-2016-5206]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5205]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5204]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5209]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5203]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5210]

An attacker can bypass security features via DevTools, in order to obtain sensitive information. [severity:3/4; CVE-2016-5212]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5211]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5213]

An attacker can bypass security features via File Download, in order to obtain sensitive information. [severity:2/4; CVE-2016-5214]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5216]

An attacker can force the usage of a freed memory area via Webaudio, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5215]

An attacker can generate a memory corruption via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5217]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5218]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21621). [severity:2/4; CVE-2016-5219]

An attacker can generate an integer overflow via ANGLE, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5221]

An attacker can bypass file access restrictions via PDFium, in order to obtain sensitive information. [severity:2/4; CVE-2016-5220]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5222]

An attacker can bypass security features via CSP Referrer, in order to obtain sensitive information. [severity:1/4; CVE-2016-9650]

An attacker can generate an integer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-5223]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:1/4; CVE-2016-5226]

An attacker can bypass security features via Blink, in order to obtain sensitive information. [severity:1/4; CVE-2016-5225]

An attacker can bypass the origin check via SVG, in order to access to victim's data. [severity:1/4; CVE-2016-5224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9652]

An unknown vulnerability was announced via HTMLKeygenElement::shadowSelect(). [severity:2/4; 994]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-5070 CVE-2017-5071 CVE-2017-5072

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 06/06/2017.
Identifiers: 1232, CERTFR-2017-AVI-168, CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085, CVE-2017-5086, FEDORA-2017-1e34da27f3, FEDORA-2017-a66e2c5b62, FEDORA-2017-a7a488d8d0, FEDORA-2017-b8d76bef4e, openSUSE-SU-2017:1501-1, openSUSE-SU-2017:1502-1, RHSA-2017:1399-01, VIGILANCE-VUL-22905.

Description of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Opera Web browser: