Описание
Multiple vulnerabilities were found in Opera Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service.
Below is a complete list of vulnerabilities:
- Cross-origin data leak vulnerability can be exploited to arbitrary code execution;
- Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing;
- URL spoof vulnerability in navigation can be exploited to arbitrary code execution;
- Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution;
- Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information;
- File download protection bypass vulnerability can be exploited to arbitrary code execution;
- Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution;
- Use-after-free vulnerability in media can be exploited to arbitrary code execution;
- IDN spoof vulnerability can be exploited to arbitrary code execution;
- CSP bypass vulnerability can be exploited to arbitrary code execution;
- CSS injection vulnerability can be exploited to arbitrary code execution;
- Cross-context information leak vulnerability can be exploited to arbitrary code execution;
- Extension permission bypass vulnerability can be exploited to arbitrary code execution;
- Service worker state error vulnerability can be exploited to arbitrary code execution;
- Address bar spoofing vulnerability can be exploited to arbitrary code execution;
- Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service;
- File storage disclosure vulnerability can be exploited to arbitrary code execution;
- URL bar spoofing vulnerability can be exploited to arbitrary code execution;
- Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution;
- HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;
Первичный источник обнаружения
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2019-13699 high
- CVE-2019-13700 high
- CVE-2019-13701 warning
- CVE-2019-13702 high
- CVE-2019-13703 warning
- CVE-2019-13704 warning
- CVE-2019-13705 warning
- CVE-2019-13706 high
- CVE-2019-13707 warning
- CVE-2019-13708 warning
- CVE-2019-13709 warning
- CVE-2019-13710 warning
- CVE-2019-13711 warning
- CVE-2019-15903 warning
- CVE-2019-13713 warning
- CVE-2019-13714 warning
- CVE-2019-13715 warning
- CVE-2019-13716 warning
- CVE-2019-13717 warning
- CVE-2019-13718 warning
- CVE-2019-13719 warning
- CVE-2019-13765 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!