CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4690
https://notcve.org/view.php?id=CVE-2011-4690
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. Opera v11.60 y anteriores no impide la captura de datos sobre los tiempos de violación de "Same Origin Policy" durante los intentos de carga de IFRAME, lo que facilita a los atacantes remotos determinar si existe un documento en la caché del navegador a través de código JavaScript manipulado. • http://lcamtuf.coredump.cx/cachetime http://secunia.com/advisories/47128 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 120EXPL: 0CVE-2011-3388
https://notcve.org/view.php?id=CVE-2011-3388
Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site. Opera antes de v11.51 permite a atacantes remotos provocar un sitio inseguro que ser seguro o de confianza a través de acciones no especificadas relacionadas con la validación extendida (EV) y la carga de contenidos desde fuentes de confianza en una secuencia no especificada que hace que el campo de dirección y el cuadro de diálogo de información de la página contengan información de seguridad del sitio de confianza, en vez del sitio inseguro. • http://osvdb.org/74828 http://secunia.com/advisories/45791 http://www.opera.com/docs/changelogs/mac/1151 http://www.opera.com/docs/changelogs/unix/1151 http://www.opera.com/docs/changelogs/windows/1151 http://www.opera.com/support/kb/view/1000 http://www.securityfocus.com/bid/49388 http://www.securitytracker.com/id?1025997 https://exchange.xforce.ibmcloud.com/vulnerabilities/69515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 3%CPEs: 121EXPL: 0CVE-2011-1337
https://notcve.org/view.php?id=CVE-2011-1337
Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages. Opera anterior a v11.50 permite a atacantes remotos causar una denegación de servicio (consumo de disco) a través de direcciones URL no válidas que desencadenan la creación de páginas de error. • http://jvn.jp/en/jp/JVN47757122/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000049.html http://secunia.com/advisories/45060 http://www.opera.com/docs/changelogs/mac/1150 http://www.opera.com/docs/changelogs/unix/1150 http://www.opera.com/docs/changelogs/windows/1150 http://www.opera.com/support/kb/view/996 http://www.osvdb.org/73486 http://www.securityfocus.com/bid/48501 https://exchange.xforce.ibmcloud.com/vulnerabilities/68323 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 121EXPL: 0CVE-2011-2610
https://notcve.org/view.php?id=CVE-2011-2610
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no especificada en Opera anterior a v11.50 tiene un impacto y vectores de ataque desconocidos, en relación con un "problema de gravedad moderada". • http://www.opera.com/docs/changelogs/mac/1150 http://www.opera.com/docs/changelogs/unix/1150 http://www.opera.com/docs/changelogs/windows/1150 http://www.securityfocus.com/bid/48568 •
CVSS: 4.3EPSS: 0%CPEs: 121EXPL: 0CVE-2011-2609
https://notcve.org/view.php?id=CVE-2011-2609
Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. Opera anterior a v11.50 no restringe los datos correctamente: URIs, lo que hace más fácil para los atacantes remotos realizar ataques cross-site scripting (XSS) a través de un sitio web manipulado. • http://secunia.com/advisories/45060 http://www.opera.com/docs/changelogs/mac/1150 http://www.opera.com/docs/changelogs/unix/1150 http://www.opera.com/docs/changelogs/windows/1150 http://www.opera.com/support/kb/view/995 http://www.osvdb.org/73485 http://www.securityfocus.com/bid/48500 https://exchange.xforce.ibmcloud.com/vulnerabilities/68322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •