CVSS: 9.3EPSS: 1%CPEs: 97EXPL: 0CVE-2008-5679 – Gentoo Linux Security Advisory 200903-30
https://notcve.org/view.php?id=CVE-2008-5679
19 Dec 2008 — The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. El motor de análisis HTML en versiones de Opera anteriores a la 9.63 permite a atacantes remotos ejecutar código arbitrario a través de páginas web convenientemente modificadas ocasionando un calculo de puntero inválido y la corrupción del montículo (heap). Multiple vulnerabilities were found in Opera, the worst of which allow f... • http://secunia.com/advisories/34294 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5682 – Gentoo Linux Security Advisory 200903-30
https://notcve.org/view.php?id=CVE-2008-5682
19 Dec 2008 — Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Opera en versiones anteriores a 9.63 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios a través de plantillas XSLT pre-instaladas. Multiple vulnerabilities were found in Opera, the worst of which allow for the execution of arbitrary code. Versio... • http://osvdb.org/50951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 73EXPL: 1CVE-2008-4794 – Gentoo Linux Security Advisory 200811-1
https://notcve.org/view.php?id=CVE-2008-4794
30 Oct 2008 — Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. Opera antes de v9.62 permite a atacantes remotos ejecutar comandos de su elección mediante la página de resultados Search History, una vulnerabilidad distinta a CVE-2008-4696. Multiple vulnerabilities have been discovered in Opera, allowing for the execution of arbitrary code. Versions below 9.62 are affected. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 9%CPEs: 73EXPL: 2CVE-2008-4795 – Opera Web Browser 9.x - History Search and Links Panel Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4795
30 Oct 2008 — The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. El panel de enlaces en Opera antes de v9.62 procesa el JavaScript dentro del contexto de la "última página" de un marco, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante ataques de secuencias de comandos en sitios cruzados (XSS) Multiple vulnerabilitie... • https://www.exploit-db.com/exploits/32548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 3%CPEs: 79EXPL: 0CVE-2008-4695 – Gentoo Linux Security Advisory 200811-1
https://notcve.org/view.php?id=CVE-2008-4695
23 Oct 2008 — Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. Opera versiones anteriores a v9.60 permite a atacantes remotos obtener información sensible y tener otros impactos desconocidos prediciendo la ruta de la caché de un applet de Java cacheado y entonces lanzar este applet desde la caché, ll... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 88EXPL: 0CVE-2008-4697 – Gentoo Linux Security Advisory 200811-1
https://notcve.org/view.php?id=CVE-2008-4697
23 Oct 2008 — The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. La característica Fast Forward en Opera antes de la v9.61, cuando una página está en un marco, ejecuta un javascript: URL en el contexto de la última página en vez de la página que contiene esta URL, lo que permite a atacantes remotos llevar a c... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 88EXPL: 0CVE-2008-4698 – Gentoo Linux Security Advisory 200811-1
https://notcve.org/view.php?id=CVE-2008-4698
23 Oct 2008 — Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. Opera antes de la v9.61 no bloquea correctamente los scripts durante la previsualización de una fuente de noticias, lo que permite a atacantes remotos crear subscripciones de nuevas fuentes y leer los contenidos de fuentes aleatorias. Multiple vulnerabilities have been discovered in Opera, allowing for the executio... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 18%CPEs: 87EXPL: 1CVE-2008-4694 – Opera Web Browser 8.51 - URI redirection Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-4694
23 Oct 2008 — Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL. Vulnerabilidad no especificada en Opera antes de la v.9.60 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante una redirección que especifica una URL manipulada. Multiple vulnerabilities have been discovered in Opera, allowing for the executi... • https://www.exploit-db.com/exploits/32467 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 62%CPEs: 74EXPL: 5CVE-2008-4696 – Opera 9.50/9.61 historysearch - Command Execution
https://notcve.org/view.php?id=CVE-2008-4696
23 Oct 2008 — Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opera.dll de Opera versiones anteriores a v9.61 permite a atacantes remotos inyectar web script o HTML a través de identificadores ancla (también conocido com... • https://packetstorm.news/files/id/82264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 3%CPEs: 85EXPL: 0CVE-2008-4292 – Gentoo Linux Security Advisory 200811-1
https://notcve.org/view.php?id=CVE-2008-4292
27 Sep 2008 — Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory. Opera anterior a v9.52 no comprueba el inválido CRL tras encontrar un certificado que carece de un CRL, lo cual tiene impacto y vectores de ataque desconocidos. NOTA: no está claro si esto es una vulnerabilidad, pero el vendedor lo incluye en la ... • http://bugs.gentoo.org/show_bug.cgi?id=235298 • CWE-255: Credentials Management Errors •