FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371418
Date:      2014-10-24
Time:      01:58:13Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0925716f-34e2-11e2-aa75-003067c2616fopera -- execution of arbitrary code

Opera reports:

When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.


Discovery 2012-11-19
Entry 2012-11-22
Modified 2014-04-30
opera
lt 12.11

opera-devel
lt 12.11

linux-opera
lt 12.11

linux-opera-devel
lt 12.11

http://www.opera.com/support/kb/view/1036/
38daea4f-2851-11e2-9483-14dae938ec40opera -- multiple vulnerabilities

Opera reports:

CORS (Cross-Origin Resource Sharing) allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the correct headers that give permission for their contents to be used in this way. Specially crafted requests may trick Opera into thinking that the target site has given permission when it had not done so. This can result in the contents of any target page being revealed to untrusted sites, including any sensitive information or session IDs contained within the source of those pages.

Also reported are vulnerabilities involving SVG graphics and XSS.


Discovery 2012-11-06
Entry 2012-11-06
Modified 2014-04-30
opera
lt 12.10

opera-devel
lt 12.10

linux-opera
lt 12.10

linux-opera-devel
lt 12.10

http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
85f33a8d-492f-11e2-aa75-003067c2616fopera -- execution of arbitrary code

Opera reports:

When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code.


Discovery 2012-12-18
Entry 2012-12-18
Modified 2014-04-30
opera
lt 12.12

opera-devel
lt 12.12

linux-opera
lt 12.12

linux-opera-devel
lt 12.12

http://www.opera.com/support/kb/view/1038/
http://www.opera.com/support/kb/view/1039/
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
lt 11.60

opera-devel
lt 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
lt 11.60

opera-devel
lt 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
ea0f45e2-6c4b-11e2-98d9-003067c2616fopera -- execution of arbitrary code

Opera reports:

Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed.


Discovery 2013-01-30
Entry 2013-02-01
opera
opera-devel
linux-opera
linux-opera-devel
lt 12.13

http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/