6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.021 Low
EPSS
Percentile
89.1%
Severity: High
Date : 2021-11-18
CVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000
CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004
Package : opera
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2525
The package opera before version 81.0.4196.54-1 is vulnerable to
multiple issues including arbitrary code execution, insufficient
validation and access restriction bypass.
Upgrade to 81.0.4196.54-1.
The problems have been fixed upstream in version 81.0.4196.54.
None.
A use after free security issue has been found in the Sign-In component
of the Chromium browser engine before version 95.0.4638.69.
A use after free security issue has been found in the Garbage
Collection component of the Chromium browser engine before version
95.0.4638.69.
An insufficient data validation security issue has been found in the
New Tab Page component of the Chromium browser engine before version
95.0.4638.69.
An insufficient validation of untrusted input security issue has been
found in the Intents component of the Chromium browser engine before
version 95.0.4638.69. Google is aware that an exploit for
CVE-2021-38000 exists in the wild.
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 95.0.4638.69.
A use after free security issue has been found in the Web Transport
component of the Chromium browser engine before version 95.0.4638.69.
An inappropriate implementation security issue has been found in the V8
component of the Chromium browser engine before version 95.0.4638.69.
Google is aware that an exploit for CVE-2021-38003 exists in the wild.
An insufficient policy enforcement security issue has been found in the
Autofill component of the Chromium browser engine before version
95.0.4638.69.
A remote attacker could execute arbitrary code through crafted web
content. Google is aware that exploits for two of the security issues
exist in the wild.
https://blogs.opera.com/desktop/changelog-for-81/
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
https://crbug.com/1259864
https://crbug.com/1259587
https://crbug.com/1251541
https://crbug.com/1249962
https://crbug.com/1260577
https://crbug.com/1260940
https://crbug.com/1263462
https://crbug.com/1227170
https://security.archlinux.org/CVE-2021-37997
https://security.archlinux.org/CVE-2021-37998
https://security.archlinux.org/CVE-2021-37999
https://security.archlinux.org/CVE-2021-38000
https://security.archlinux.org/CVE-2021-38001
https://security.archlinux.org/CVE-2021-38002
https://security.archlinux.org/CVE-2021-38003
https://security.archlinux.org/CVE-2021-38004
blogs.opera.com/desktop/changelog-for-81/
chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
crbug.com/1227170
crbug.com/1249962
crbug.com/1251541
crbug.com/1259587
crbug.com/1259864
crbug.com/1260577
crbug.com/1260940
crbug.com/1263462
security.archlinux.org/AVG-2525
security.archlinux.org/CVE-2021-37997
security.archlinux.org/CVE-2021-37998
security.archlinux.org/CVE-2021-37999
security.archlinux.org/CVE-2021-38000
security.archlinux.org/CVE-2021-38001
security.archlinux.org/CVE-2021-38002
security.archlinux.org/CVE-2021-38003
security.archlinux.org/CVE-2021-38004
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.021 Low
EPSS
Percentile
89.1%