Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA61309
HistoryAug 09, 2023 - 12:00 a.m.

KLA61309 Multiple vulnerabilities in Opera

2023-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
23
opera
vulnerabilities
ace
update
exploitation
denial of service
arbitrary code
bypass
security restrictions
malware
exploit
kaspersky
cve-2023-4071
cve-2023-4072
cve-2023-4077
cve-2023-4074
cve-2023-4075
cve-2023-4076
cve-2023-4069
cve-2023-4078
cve-2023-4068
cve-2023-4073
cve-2023-4070
security

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.011

Percentile

84.4%

JSON

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  2. Use after free vulnerability in WebRTC can be exploited to cause denial of service or execute arbitrary code.
  3. Use after free vulnerability in Cast can be exploited to cause denial of service or execute arbitrary code.
  4. Out of bounds read vulnerability in WebGL can be exploited to cause denial of service.
  5. Implementation vulnerability in Extensions can be exploited to cause denial of service.
  6. Out of bounds memory access vulnerability in ANGLE can be exploited to cause denial of service.
  7. Heap buffer overflow vulnerability in Visuals can be exploited to cause denial of service.
  8. Data validation vulnerability in Extensions can be exploited to cause denial of service.
  9. Use after free vulnerability in Blink Task Scheduling can be exploited to cause denial of service or execute arbitrary code.

Original advisories

Stable Channel Update for Desktop

Opera 101.0.4843.43 Stable update

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Opera

CVE list

CVE-2023-4071 critical

CVE-2023-4072 critical

CVE-2023-4077 critical

CVE-2023-4074 critical

CVE-2023-4075 critical

CVE-2023-4076 critical

CVE-2023-4069 critical

CVE-2023-4078 critical

CVE-2023-4068 critical

CVE-2023-4073 critical

CVE-2023-4070 critical

Solution

Update to the latest version

Download Opera

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Opera earlier than 101.0.4843.43

Related

openvas 8
nessus 14
debian 1
chrome 1
osv 14
freebsd 2
kaspersky 2
photon 2
cvelist 11
prion 11
veracode 11
alpinelinux 3
debiancve 11
mscve 11
nvd 11
cve 11
cnvd 5
ubuntucve 11
github 1
gentoo 3
fedora 1
rapid7blog 1
openvas
openvas
Google Chrome Security Updates (stable-channel-update-for-desktop-2023-08) - Mac OS X
2023-08-03 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0216-1)
2024-03-04 00:00:00
Debian: Security Advisory (DSA-5467-1)
2023-08-07 00:00:00
nessus
nessus
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0216-1)
2023-08-08 00:00:00
Google Chrome < 115.0.5790.170 Multiple Vulnerabilities
2023-08-02 00:00:00
Google Chrome < 115.0.5790.170 Multiple Vulnerabilities
2023-08-02 00:00:00
debian
debian
[SECURITY] [DSA 5467-1] chromium security update
2023-08-04 18:23:28
chrome
chrome
Stable Channel Update for Desktop
2023-08-02 00:00:00
osv
osv
ungoogled-chromium-115.0.5790.170-1.1 on GA media
2024-06-15 00:00:00
chromium - security update
2023-08-04 00:00:00
chromedriver-115.0.5790.170-1.1 on GA media
2024-06-15 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-08-02 00:00:00
electron25 -- multiple vulnerabilities
2023-08-23 00:00:00
kaspersky
kaspersky
KLA51621 Multiple vulnerabilities in Google Chrome
2023-08-02 00:00:00
KLA51709 Multiple vulnerabilities in Microsoft Browser
2023-08-07 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0081
2023-08-27 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0459
2023-08-28 00:00:00
cvelist
cvelist
CVE-2023-4071
2023-08-03 00:27:46
CVE-2023-4075
2023-08-03 00:27:47
CVE-2023-4078
2023-08-03 00:27:47
prion
prion
Heap overflow
2023-08-03 01:15:00
Design/Logic Flaw
2023-08-03 01:15:00
Design/Logic Flaw
2023-08-03 01:15:00
veracode
veracode
Denial Of Service (DoS)
2023-08-06 11:58:48
Use After Free
2023-08-06 11:58:41
Cross-site Scripting (XSS)
2023-08-06 12:01:21
alpinelinux
alpinelinux
CVE-2023-4074
2023-08-03 01:15:11
CVE-2023-4071
2023-08-03 01:15:11
CVE-2023-4076
2023-08-03 01:15:12
debiancve
debiancve
CVE-2023-4075
2023-08-03 01:15:11
CVE-2023-4071
2023-08-03 01:15:11
CVE-2023-4078
2023-08-03 01:15:12
mscve
mscve
Chromium: CVE-2023-4071 Heap buffer overflow in Visuals
2023-08-07 07:00:00
Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling
2023-08-07 07:00:00
Chromium: CVE-2023-4078 Inappropriate implementation in Extensions
2023-08-07 07:00:00
nvd
nvd
CVE-2023-4071
2023-08-03 01:15:11
CVE-2023-4078
2023-08-03 01:15:12
CVE-2023-4074
2023-08-03 01:15:11
cve
cve
CVE-2023-4071
2023-08-03 01:15:11
CVE-2023-4078
2023-08-03 01:15:12
CVE-2023-4075
2023-08-03 01:15:11
cnvd
cnvd
Google Chrome Code Execution Vulnerability (CNVD-2023-63471)
2023-08-06 00:00:00
Google Chrome Code Execution Vulnerability (CNVD-2023-63469)
2023-08-06 00:00:00
Google Chrome Code Execution Vulnerability (CNVD-2023-63464)
2023-08-06 00:00:00
ubuntucve
ubuntucve
CVE-2023-4078
2023-08-03 00:00:00
CVE-2023-4071
2023-08-03 00:00:00
CVE-2023-4074
2023-08-03 00:00:00
github
github
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
2023-10-17 15:00:55
gentoo
gentoo
QtWebEngine: Multiple Vulnerabilities
2023-12-22 00:00:00
QtWebEngine: Multiple Vulnerabilities
2023-11-25 00:00:00
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2024-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-115.0.5790.170-1.fc38
2023-08-12 04:26:44
rapid7blog
rapid7blog
Patch Tuesday - August 2023
2023-08-08 21:11:35

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.011

Percentile

84.4%

JSON
Related for KLA61309
openvas8nessus14debian1chrome1osv14freebsd2kaspersky2photon2cvelist11prion11veracode11alpinelinux3debiancve11mscve11nvd11cve11cnvd5ubuntucve11github1gentoo3fedora1rapid7blog1