Kaspersky ID:
KLA11721
Detect Date:
02/14/2020
Updated:
01/22/2024

Description

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A implementation vulnerability in Omnibox can be exploited to potentially execute arbitrary code.
  2. A policy enforcement vulneravility in Blink can be exploited to bypass security restrictions.
  3. Use after free vulnerability in audio component can be exploited to obtain sensitive information.
  4. A policy enforcement vulnerability in downloads component can be exploited to bypass security restrictions.
  5. Insufficient validation input vulnerability in Omnibox can be exploited to bypass security restrictions.
  6. A memory access vulnerability in streams component can be exploited to cause denial of service.
  7. A implementation vulnerability in Blink can be exploited to potentially execute arbitrary code.
  8. A memory access vulnerability in SQLite can be exploited to cause denial of service.
  9. A policy enforcement vulnerability in AppCache can be exploited to bypass security restrictions.
  10. A memory access vulnerability in WebRTC can be exploited to cause denial of service.
  11. A policy enforcement vulnerability in CORS can be exploited to bypass security restrictions.
  12. Read-operation memory vulnerability in SQLite can be exploited to cause denial of service.
  13. A policy enforcement vulnerability in Safe Browsing can be exploited to bypass security restrictions.
  14. A implementation vulnerability in installer component can be exploited to potentially execute arbitrary code.
  15. A policy enforcement vulnerability in Blink can be exploited to bypass security restrictions.
  16. Type confusion vulnerability in JavaScript can be exploited to cause denial of service.
  17. A data validation vulnerability in streams component can be exploited to bypass security restrictions.
  18. Write-operation memory vulnerability in WebRTC can be exploited to cause denial of service.
  19. A policy enforcement vulnerability in storage component can be exploited to bypass security restrictions.
  20. A memory access vulnerability in WebAudio can be exploited to cause denial of service.
  21. A implementation vulnerability in Skia can be exploited to potentially execute arbitrary code.
  22. A policy enforcement vulnerability in extensions component can be exploited to bypass security restrictions.
  23. A memory access vulnerability in XML can be exploited to cause denial of service.
  24. Security UI vulnerability in Omnibox can be exploited to perform domain spoofing.
  25. Security UI vulnerability in sharing component can be exploited to perform domain spoofing.
  26. A implementation vulnerability in CORS can be exploited to potentially execute arbitrary code.
  27. Uninitialized use vulnerability in PDFium can be exploited to bypass security restrictions and obtain sensitive information.
  28. Multi ‘SELECT’ vulnerability in SQLite can be exploited to cause denial of service.
  29. Insufficient validation input vulnerability in Blink can be exploited to bypass security restrictions.
  30. A policy enforcement vulnerability in navigation component can be exploited to bypass security restrictions.
  31. Integer overflow vulnerability in JavaScript can be exploited to cause denial of service.
  32. Read-operation memory vulnerability in JavaScript can be exploited to cause denial of service.
  33. A implementation vulnerability in JavaScript can be exploited to potentially execute arbitrary code.
  34. Zip-file update vulnerabilities in SQLite can be exploited to cause denial of service.
  35. Pointer dereference vulnerability in SQLite can be exploited to cause denial of service.
  36. Policy enforcement vulnerability in CSP can be expoited to bypass security restrictions.
  37. Security UI vulnerability in permissions component can be exploited to spoof user interface.
  38. Implementation vulnerability in AppCache can be exploited to execute arbitrary code and bypass security restrictions.
  39. Implementation vulnerability in interstitials component can be exploited to execute arbitrary code and bypass security restrictions.

Original advisories

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2020-6409
    high
  • CVE-2020-6393
    warning
  • CVE-2020-6406
    high
  • CVE-2020-6402
    high
  • CVE-2020-6401
    warning
  • CVE-2020-6390
    high
  • CVE-2020-6413
    high
  • CVE-2019-19923
    warning
  • CVE-2020-6399
    warning
  • CVE-2020-6389
    high
  • CVE-2020-6408
    warning
  • CVE-2020-6405
    warning
  • CVE-2020-6414
    high
  • CVE-2020-6417
    warning
  • CVE-2020-6394
    high
  • CVE-2020-6382
    high
  • CVE-2020-6416
    high
  • CVE-2020-6387
    high
  • CVE-2020-6385
    high
  • CVE-2020-6388
    high
  • CVE-2020-6396
    warning
  • CVE-2020-6392
    warning
  • CVE-2019-18197
    high
  • CVE-2020-6403
    warning
  • CVE-2020-6411
    high
  • CVE-2020-6397
    warning
  • CVE-2020-6404
    high
  • CVE-2020-6412
    high
  • CVE-2020-6400
    warning
  • CVE-2020-6398
    high
  • CVE-2019-19926
    warning
  • CVE-2020-6391
    warning
  • CVE-2020-6410
    high
  • CVE-2020-6381
    high
  • CVE-2020-6395
    warning
  • CVE-2020-6415
    high
  • CVE-2019-19925
    warning
  • CVE-2019-19880
    warning
  • CVE-2020-6502
    warning
  • CVE-2020-6501
    warning
  • CVE-2020-6500
    warning
  • CVE-2020-6499
    warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.