Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202102-5
HistoryFeb 06, 2021 - 12:00 a.m.

[ASA-202102-5] opera: multiple issues

2021-02-0600:00:00
security.archlinux.org
95
opera
multiple issues
critical
arbitrary code execution
insufficient validation
upgrade

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

74.7%

JSON

Arch Linux Security Advisory ASA-202102-5

Severity: Critical
Date : 2021-02-06
CVE-ID : CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119
CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123
CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127
CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131
CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135
CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139
CVE-2021-21140 CVE-2021-21141
Package : opera
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1479

Summary

The package opera before version 74.0.3911.75-1 is vulnerable to
multiple issues including arbitrary code execution, insufficient
validation, content spoofing and incorrect calculation.

Resolution

Upgrade to 74.0.3911.75-1.

pacman -Syu “opera>=74.0.3911.75-1”

The problems have been fixed upstream in version 74.0.3911.75.

Workaround

None.

Description

  • CVE-2020-16044 (arbitrary code execution)

A security issue was found in Firefox before 84.0.2, Thunderbird before
78.6.1 and Chromium before 88.0.4324.96. A malicious peer could have
modified a COOKIE-ECHO chunk in an SCTP packet in a way that
potentially resulted in a use-after-free. Mozilla presumes that with
enough effort it could have been exploited to run arbitrary code.

  • CVE-2021-21117 (insufficient validation)

An insufficient policy enforcement security issue was found in the
Cryptohome component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21118 (insufficient validation)

An insufficient data validation security issue was found in the V8
component of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21119 (arbitrary code execution)

A use after free security issue was found in the Media component of the
Chromium browser before version 88.0.4324.96.

  • CVE-2021-21120 (arbitrary code execution)

A use after free security issue was found in the WebSQL component of
the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21121 (arbitrary code execution)

A use after free security issue was found in the Omnibox component of
the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21122 (arbitrary code execution)

A use after free security issue was found in the Blink component of the
Chromium browser before version 88.0.4324.96.

  • CVE-2021-21123 (insufficient validation)

An insufficient data validation security issue was found in the File
System component of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21124 (arbitrary code execution)

A potential use after free security issue was found in the Speech
Recognizer component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21125 (insufficient validation)

An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21126 (insufficient validation)

An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21127 (insufficient validation)

An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21128 (arbitrary code execution)

A heap buffer overflow security issue was found in the Blink component
of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21129 (insufficient validation)

An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21130 (insufficient validation)

An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21131 (insufficient validation)

An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21132 (incorrect calculation)

An inappropriate implementation security issue was found in the
DevTools component of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21133 (insufficient validation)

An insufficient policy enforcement security issue was found in the
Downloads component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21134 (content spoofing)

An incorrect security UI security issue was found in the Page Info
component of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21135 (incorrect calculation)

An inappropriate implementation security issue was found in the
Performance API component of the Chromium browser before version
88.0.4324.96.

  • CVE-2021-21136 (insufficient validation)

An insufficient policy enforcement security issue was found in the
WebView component of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21137 (incorrect calculation)

An inappropriate implementation security issue was found in the
DevTools component of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21138 (arbitrary code execution)

A use after free security issue was found in the DevTools component of
the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21139 (incorrect calculation)

An inappropriate implementation security issue was found in the iframe
sandbox component of the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21140 (arbitrary code execution)

An uninitialized use security issue was found in the USB component of
the Chromium browser before version 88.0.4324.96.

  • CVE-2021-21141 (insufficient validation)

An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.

Impact

A remote attacker might be able to bypass security measures, trick the
user into performing unwanted actions or execute arbitrary code.

References

https://blogs.opera.com/desktop/2021/02/opera-74-stable/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
https://bugzilla.mozilla.org/show_bug.cgi?id=1683964
https://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead
https://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7
https://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1137179
https://crbug.com/1161357
https://crbug.com/1160534
https://crbug.com/1160602
https://crbug.com/1161143
https://crbug.com/1162131
https://crbug.com/1137247
https://crbug.com/1131346
https://crbug.com/1152327
https://crbug.com/1108126
https://crbug.com/1115590
https://crbug.com/1138877
https://crbug.com/1140403
https://crbug.com/1140410
https://crbug.com/1140417
https://crbug.com/1128206
https://crbug.com/1157743
https://crbug.com/1157800
https://crbug.com/1157818
https://crbug.com/1038002
https://crbug.com/1093791
https://crbug.com/1122487
https://crbug.com/937131
https://crbug.com/1136327
https://crbug.com/1140435
https://security.archlinux.org/CVE-2020-16044
https://security.archlinux.org/CVE-2021-21117
https://security.archlinux.org/CVE-2021-21118
https://security.archlinux.org/CVE-2021-21119
https://security.archlinux.org/CVE-2021-21120
https://security.archlinux.org/CVE-2021-21121
https://security.archlinux.org/CVE-2021-21122
https://security.archlinux.org/CVE-2021-21123
https://security.archlinux.org/CVE-2021-21124
https://security.archlinux.org/CVE-2021-21125
https://security.archlinux.org/CVE-2021-21126
https://security.archlinux.org/CVE-2021-21127
https://security.archlinux.org/CVE-2021-21128
https://security.archlinux.org/CVE-2021-21129
https://security.archlinux.org/CVE-2021-21130
https://security.archlinux.org/CVE-2021-21131
https://security.archlinux.org/CVE-2021-21132
https://security.archlinux.org/CVE-2021-21133
https://security.archlinux.org/CVE-2021-21134
https://security.archlinux.org/CVE-2021-21135
https://security.archlinux.org/CVE-2021-21136
https://security.archlinux.org/CVE-2021-21137
https://security.archlinux.org/CVE-2021-21138
https://security.archlinux.org/CVE-2021-21139
https://security.archlinux.org/CVE-2021-21140
https://security.archlinux.org/CVE-2021-21141

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyopera< 74.0.3911.75-1UNKNOWN

References

Related

openvas 10
fedora 2
nessus 10
suse 6
kaspersky 3
gentoo 1
freebsd 1
chrome 1
osv 1
debian 2
archlinux 1
mageia 1
veracode 19
alpinelinux 10
ubuntucve 18
prion 19
cvelist 19
debiancve 19
nvd 18
mscve 18
cve 19
redhatcve 1
openvas
openvas
Google Chrome Security Updates (stable-channel-update-for-desktop_19-2021-01) - Mac OS X
2021-01-20 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2021:0173-1)
2021-04-16 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop_19-2021-01) - Linux
2021-01-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: chromium-88.0.4324.96-1.fc33
2021-01-24 01:30:29
[SECURITY] Fedora 32 Update: chromium-88.0.4324.96-1.fc32
2021-01-31 01:10:19
nessus
nessus
Fedora 32 : chromium (2021-b7cc24375b)
2021-02-01 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec)
2021-01-25 00:00:00
GLSA-202101-13 : Chromium, Google Chrome: Multiple vulnerabilities
2021-01-25 00:00:00
suse
suse
Security update for chromium (important)
2021-01-29 00:00:00
Security update for chromium (important)
2021-01-27 00:00:00
Security update for chromium (important)
2021-01-27 00:00:00
kaspersky
kaspersky
KLA12178 Multiple vulnerabilities in Opera
2021-02-03 00:00:00
KLA12049 Multiple vulnerabilities in Microsoft Browsers
2021-01-21 00:00:00
KLA12048 Multiple vulnerabilities in Google Chrome
2021-01-19 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-01-22 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-01-19 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-01-19 00:00:00
osv
osv
chromium - security update
2021-02-07 00:00:00
debian
debian
[SECURITY] [DSA 4846-1] chromium security update
2021-02-07 19:07:28
[SECURITY] [DSA 4846-1] chromium security update
2021-02-07 19:07:28
archlinux
archlinux
[ASA-202102-4] vivaldi: multiple issues
2021-02-06 00:00:00
mageia
mageia
Updated qtwebengine5 packages fix security vulnerabilities
2021-08-15 11:38:04
veracode
veracode
Denial Of Service (DoS)
2021-01-22 21:32:18
Privilege Escalation
2021-01-22 21:32:26
Remote Code Execution (RCE)
2021-01-22 21:32:14
alpinelinux
alpinelinux
CVE-2021-21119
2021-02-09 14:15:15
CVE-2021-21120
2021-02-09 14:15:15
CVE-2021-21132
2021-02-09 14:15:16
ubuntucve
ubuntucve
CVE-2021-21119
2021-02-09 00:00:00
CVE-2021-21120
2021-02-09 00:00:00
CVE-2021-21133
2021-02-09 00:00:00
prion
prion
Privilege escalation
2021-02-09 14:15:00
Design/Logic Flaw
2021-02-09 14:15:00
Information disclosure
2021-02-09 14:15:00
cvelist
cvelist
CVE-2021-21117
2021-02-09 13:55:55
CVE-2021-21120
2021-02-09 13:55:57
CVE-2021-21136
2021-02-09 13:56:07
debiancve
debiancve
CVE-2021-21117
2021-02-09 14:15:15
CVE-2021-21118
2021-02-09 14:15:15
CVE-2021-21120
2021-02-09 14:15:15
nvd
nvd
CVE-2021-21117
2021-02-09 14:15:15
CVE-2021-21124
2021-02-09 14:15:15
CVE-2021-21118
2021-02-09 14:15:15
mscve
mscve
Chromium CVE-2021-21119: Use after free in Media
2021-01-21 08:00:00
Chromium: CVE-2021-21118 Insufficient data validation in V8
2021-01-21 08:00:00
Chromium CVE-2021-21120: Use after free in WebSQL
2021-01-21 08:00:00
cve
cve
CVE-2021-21118
2021-02-09 14:15:15
CVE-2021-21133
2021-02-09 14:15:16
CVE-2021-21122
2021-02-09 14:15:15
redhatcve
redhatcve
CVE-2021-21135
2022-05-20 23:17:46

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

74.7%

JSON
Related for ASA-202102-5
openvas10fedora2nessus10suse6kaspersky3gentoo1freebsd1chrome1osv1debian2archlinux1mageia1veracode19alpinelinux10ubuntucve18prion19cvelist19debiancve19nvd18mscve18cve19redhatcve1