CVSS: 9.8EPSS: 14%CPEs: 93EXPL: 1CVE-2010-1728
https://notcve.org/view.php?id=CVE-2010-1728
05 May 2010 — Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2009-4071
https://notcve.org/view.php?id=CVE-2009-4071
24 Nov 2009 — Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. Opera anterior v.10.10, cuando las stacktraces excepcionales son activadas, sitúa mensajes de error de código desde un sitio web en variables que pueden ser leídos por diferentes sitios web, permitiendo a atacantes... • http://osvdb.org/60527 • CWE-16: Configuration •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2009-4072
https://notcve.org/view.php?id=CVE-2009-4072
24 Nov 2009 — Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no esperada en Opera anterior v.10.10 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo." • http://osvdb.org/60528 •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2009-3832
https://notcve.org/view.php?id=CVE-2009-3832
30 Oct 2009 — Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. Opera en versiones anteriores a v10.01 corriendo sobre Windows no previene el uso de fuentes web en el renderizado de la interfaz de usuario, lo que permite a atacantes remotos falsificar el campo "dirección" a través de una pagina web manipulada. • http://secunia.com/advisories/37182 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 0CVE-2009-3831
https://notcve.org/view.php?id=CVE-2009-3831
30 Oct 2009 — Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. Opera v10.01 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un nombre de dominio manipulado. • http://secunia.com/advisories/37182 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0CVE-2009-3269
https://notcve.org/view.php?id=CVE-2009-3269
18 Sep 2009 — Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. Opera v9.52 y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de CPU) a través de series de envíos automáticos de un formulario que contiene un elemento generador de claves, una vulnerabilidad relacionada con CVE-2009-1828. • http://websecurity.com.ua/3194 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 86EXPL: 1CVE-2008-7245 – Multiple Browsers - 'window.print()' Denial of Service
https://notcve.org/view.php?id=CVE-2008-7245
18 Sep 2009 — Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Opera v9.52 y anteriores permite a atacantes remotos producir una denegación de servicio (navegador inutilizado), mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacionado con CVE-2009-0821. • https://www.exploit-db.com/exploits/12509 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 105EXPL: 1CVE-2009-3266
https://notcve.org/view.php?id=CVE-2009-3266
18 Sep 2009 — Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que ... • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3265
https://notcve.org/view.php?id=CVE-2009-3265
18 Sep 2009 — Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Opera 9 y 10 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma ar... • http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3046
https://notcve.org/view.php?id=CVE-2009-3046
02 Sep 2009 — Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. Opera anterior v10.00 no chequea todos los certificados X.509 de revocación, lo que hace que los servidores remotos SSL superen fácilemente la validación del certificado a través de certificados revocados. • http://www.opera.com/docs/changelogs/freebsd/1000 • CWE-295: Improper Certificate Validation •