Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-6524

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Dec, 2007 | 20:00
Updated At-07 Aug, 2024 | 16:11
Rejected At-
Credits

Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Dec, 2007 | 20:00
Updated At:07 Aug, 2024 | 16:11
Rejected At:
â–¼CVE Numbering Authority (CNA)

Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.opera.com/docs/changelogs/windows/925/
x_refsource_CONFIRM
http://bugs.gentoo.org/show_bug.cgi?id=202770
x_refsource_MISC
http://securitytracker.com/id?1019435
vdb-entry
x_refsource_SECTRACK
http://www.opera.com/docs/changelogs/linux/925/
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/488264/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.opera.com/support/search/view/876/
x_refsource_CONFIRM
http://www.securitytracker.com/id?1019131
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/28314
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/26937
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/39163
vdb-entry
x_refsource_XF
http://osvdb.org/42691
vdb-entry
x_refsource_OSVDB
https://bugzilla.mozilla.org/show_bug.cgi?id=408076
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
vendor-advisory
x_refsource_SUSE
http://security.gentoo.org/glsa/glsa-200712-22.xml
vendor-advisory
x_refsource_GENTOO
http://www.vupen.com/english/advisories/2007/4261
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/28169
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28290
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.opera.com/docs/changelogs/windows/925/
Resource:
x_refsource_CONFIRM
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=202770
Resource:
x_refsource_MISC
Hyperlink: http://securitytracker.com/id?1019435
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.opera.com/docs/changelogs/linux/925/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/488264/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.opera.com/support/search/view/876/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1019131
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/28314
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/26937
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/39163
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://osvdb.org/42691
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=408076
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-22.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.vupen.com/english/advisories/2007/4261
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/28169
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28290
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.opera.com/docs/changelogs/windows/925/
x_refsource_CONFIRM
x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=202770
x_refsource_MISC
x_transferred
http://securitytracker.com/id?1019435
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.opera.com/docs/changelogs/linux/925/
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/488264/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.opera.com/support/search/view/876/
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1019131
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/28314
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/26937
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/39163
vdb-entry
x_refsource_XF
x_transferred
http://osvdb.org/42691
vdb-entry
x_refsource_OSVDB
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=408076
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://security.gentoo.org/glsa/glsa-200712-22.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.vupen.com/english/advisories/2007/4261
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/28169
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28290
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.opera.com/docs/changelogs/windows/925/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=202770
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://securitytracker.com/id?1019435
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.opera.com/docs/changelogs/linux/925/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/488264/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.opera.com/support/search/view/876/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019131
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/28314
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/26937
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/39163
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://osvdb.org/42691
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=408076
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-22.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/4261
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/28169
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28290
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Dec, 2007 | 20:46
Updated At:23 Apr, 2026 | 00:35

Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N
CPE Matches

Opera
opera
>>opera_browser>>Versions up to 9.24(inclusive)
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.0
cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.02
cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.10
cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.11
cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>5.12
cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.0
cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.0
cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.0
cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.0
cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.0
cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.0
cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.1
cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.01
cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.1
cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.02
cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.03
cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.04
cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.05
cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.06
cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.11
cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>6.12
cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.0
cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.0
cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.0
cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.0
cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.01
cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.02
cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.03
cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.10
cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.10
cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.11
cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.11
cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.20
cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.20
cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.21
cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.22
cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.23
cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.50
cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.50
cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.51
cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.52
cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*
Opera
opera
>>opera_browser>>7.53
cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://bugs.gentoo.org/show_bug.cgi?id=202770cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.htmlcve@mitre.org
N/A
http://osvdb.org/42691cve@mitre.org
N/A
http://secunia.com/advisories/28169cve@mitre.org
Patch
Vendor Advisory
http://secunia.com/advisories/28290cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/28314cve@mitre.org
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200712-22.xmlcve@mitre.org
N/A
http://securitytracker.com/id?1019435cve@mitre.org
N/A
http://www.opera.com/docs/changelogs/linux/925/cve@mitre.org
N/A
http://www.opera.com/docs/changelogs/windows/925/cve@mitre.org
Patch
http://www.opera.com/support/search/view/876/cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/488264/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/26937cve@mitre.org
N/A
http://www.securitytracker.com/id?1019131cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2007/4261cve@mitre.org
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=408076cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/39163cve@mitre.org
N/A
http://bugs.gentoo.org/show_bug.cgi?id=202770af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/42691af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/28169af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://secunia.com/advisories/28290af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28314af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200712-22.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1019435af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.opera.com/docs/changelogs/linux/925/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.opera.com/docs/changelogs/windows/925/af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.opera.com/support/search/view/876/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/488264/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/26937af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1019131af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2007/4261af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=408076af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/39163af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=202770
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/42691
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/28169
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28290
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28314
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-22.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1019435
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.opera.com/docs/changelogs/linux/925/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.opera.com/docs/changelogs/windows/925/
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.opera.com/support/search/view/876/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/488264/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/26937
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019131
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/4261
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=408076
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/39163
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=202770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/42691
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/28169
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28290
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28314
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-22.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1019435
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.opera.com/docs/changelogs/linux/925/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.opera.com/docs/changelogs/windows/925/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.opera.com/support/search/view/876/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/488264/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/26937
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019131
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/4261
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=408076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/39163
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

92Records found

CVE-2008-5683
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.47% / 70.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2008 | 16:09
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3078
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.05% / 85.96%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-1926
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.56% / 83.16%
||
7 Day CHG~0.00%
Published-28 Mar, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0815
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 59.52%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

Action-Not Available
Vendor-n/aGoogle LLCOpera
Product-androidopera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6469
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.35% / 68.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6466
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.90%
||
7 Day CHG~0.00%
Published-02 Jan, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-1561
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 57.49%
||
7 Day CHG~0.00%
Published-14 Jul, 2008 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

Action-Not Available
Vendor-n/aOpera
Product-operan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5180
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.89% / 55.06%
||
7 Day CHG~0.00%
Published-26 Dec, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.

Action-Not Available
Vendor-n/aOpera
Product-opera_mobileopera_minin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-5068
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.13% / 62.44%
||
7 Day CHG~0.00%
Published-07 Dec, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3210
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.90%
||
7 Day CHG~0.00%
Published-19 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4580
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.17% / 80.06%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4046
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.00% / 78.30%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-1310
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.21% / 64.55%
||
7 Day CHG~0.00%
Published-08 Apr, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0653
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.83% / 76.23%
||
7 Day CHG~0.00%
Published-18 Feb, 2010 | 17:19
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6608
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.35% / 87.22%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3388
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.27% / 80.95%
||
7 Day CHG~0.00%
Published-06 Sep, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7153
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-13.98% / 96.10%
||
7 Day CHG~0.00%
Published-06 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Action-Not Available
Vendor-n/aApple Inc.Google LLCOperaMozilla CorporationMicrosoft Corporation
Product-internet_explorerfirefoxopera_browsersafariedgechromen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4695
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.98% / 92.41%
||
7 Day CHG~0.00%
Published-23 Oct, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.

Action-Not Available
Vendor-n/aOpera
Product-operan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-2715
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.82% / 76.05%
||
7 Day CHG~0.00%
Published-16 Jun, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2659
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.54% / 71.95%
||
7 Day CHG~0.00%
Published-07 Jul, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.

Action-Not Available
Vendor-unixn/aApple Inc.OperaMicrosoft Corporation
Product-unixmac_os_xopera_browserwindowsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4199
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.86% / 85.05%
||
7 Day CHG~0.00%
Published-27 Sep, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-2022
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.92% / 91.06%
||
7 Day CHG~0.00%
Published-13 Apr, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

Action-Not Available
Vendor-n/aAdobe Inc.Opera
Product-flash_playeropera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-1563
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.85% / 90.94%
||
7 Day CHG~0.00%
Published-21 Mar, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7152
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-13.98% / 96.10%
||
7 Day CHG~0.00%
Published-06 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Action-Not Available
Vendor-n/aApple Inc.Google LLCOperaMozilla CorporationMicrosoft Corporation
Product-internet_explorerfirefoxsafariedgechromeoperan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1325
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.00% / 89.26%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpc3939_wireless_residential_voice_gatewaydpc3939_wireless_residential_voice_gateway_firmwaredpc3941_wireless_residential_voice_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2005-4836
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-3.50% / 87.75%
||
7 Day CHG~0.00%
Published-09 May, 2007 | 22:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0867
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-2.20% / 80.31%
||
7 Day CHG~0.00%
Published-30 Jan, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request.

Action-Not Available
Vendor-careln/a
Product-plantvisor_enhancedn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0811
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.68% / 47.67%
||
7 Day CHG~0.00%
Published-07 Feb, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0956
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-46.19% / 98.67%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncThe Apache Software FoundationMicrosoft CorporationAdobe Inc.
Product-mac_os_xslingwindowslinux_kernelexperience_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-5322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.51% / 82.82%
||
7 Day CHG~0.00%
Published-03 Dec, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.

Action-Not Available
Vendor-easy-scriptn/a
Product-wysi_wiki_wygn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9547
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.30%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 18:49
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7910
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-2.07% / 79.07%
||
7 Day CHG~0.00%
Published-19 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body.

Action-Not Available
Vendor-exemysn/a
Product-telemetry_web_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2017-5803
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-7.60% / 93.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-nonstop_server_softwarenonstop_serverNonStop Servers using SSH Service
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7247
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-10.15% / 95.09%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dvg-n5402sp_firmwaredvg-n5402spn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.43% / 90.20%
||
7 Day CHG+0.04%
Published-29 May, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.

Action-Not Available
Vendor-n/aArcserve, LLC
Product-arcserve_unified_data_protectionn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2121
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-2.90% / 85.23%
||
7 Day CHG+0.02%
Published-25 May, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_virtualizationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1941
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-5.96% / 92.40%
||
7 Day CHG~0.00%
Published-30 Jun, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13158
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.59%
||
7 Day CHG~0.00%
Published-06 Dec, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9303
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.31% / 87.06%
||
7 Day CHG~0.00%
Published-07 Dec, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.

Action-Not Available
Vendor-entrypassn/a
Product-n5200_active_network_control_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8678
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.31% / 81.28%
||
7 Day CHG~0.00%
Published-25 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."

Action-Not Available
Vendor-n/aManageEngine (Zoho Corporation Pvt. Ltd.)
Product-oputilsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8425
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.14% / 86.33%
||
7 Day CHG~0.00%
Published-28 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

Action-Not Available
Vendor-arrisn/a
Product-vap2500_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-7.38% / 93.67%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.

Action-Not Available
Vendor-alienvaultn/a
Product-open_source_security_information_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-2264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.67% / 73.91%
||
7 Day CHG~0.00%
Published-02 Mar, 2014 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.

Action-Not Available
Vendor-n/aSynology, Inc.
Product-diskstation_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0600
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.08% / 86.08%
||
7 Day CHG~0.00%
Published-29 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

Action-Not Available
Vendor-n/aNovell
Product-groupwisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0644
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-53.34% / 98.86%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-cloud_tiering_appliance_softwarecloud_tiering_appliancen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0958
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.80% / 88.69%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windowslinux_kernelmac_os_xexperience_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4778
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.41% / 69.40%
||
7 Day CHG~0.00%
Published-18 Jul, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors.

Action-Not Available
Vendor-n/aSiemens AG
Product-enterprise_openscape_branchopenscape_session_border_controllern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.41% / 69.40%
||
7 Day CHG~0.00%
Published-18 Jul, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aSiemens AG
Product-enterprise_openscape_branchopenscape_session_border_controllern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-5209
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.51% / 82.83%
||
7 Day CHG~0.00%
Published-29 Aug, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-14.96% / 96.30%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-prosafe_firmwareprosafe_gs724tprosafe_gs728tpsprosafe_gs752tpsprosafe_gs725tsprosafe_gs728tsprosafe_gs752txsprosafe_gs748tprosafe_gs510tpprosafe_gs728txsprosafe_s716tn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • Next
Details not found