CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 0CVE-2009-3831
https://notcve.org/view.php?id=CVE-2009-3831
30 Oct 2009 — Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. Opera v10.01 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un nombre de dominio manipulado. • http://secunia.com/advisories/37182 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 105EXPL: 1CVE-2009-3266
https://notcve.org/view.php?id=CVE-2009-3266
18 Sep 2009 — Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que ... • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3265
https://notcve.org/view.php?id=CVE-2009-3265
18 Sep 2009 — Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Opera 9 y 10 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma ar... • http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3046
https://notcve.org/view.php?id=CVE-2009-3046
02 Sep 2009 — Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. Opera anterior v10.00 no chequea todos los certificados X.509 de revocación, lo que hace que los servidores remotos SSL superen fácilemente la validación del certificado a través de certificados revocados. • http://www.opera.com/docs/changelogs/freebsd/1000 • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3049
https://notcve.org/view.php?id=CVE-2009-3049
02 Sep 2009 — Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. Opera anterior v10.00 no muestra apropiadamente todos los caracteres en el nombre de dominio (IDN) en la barra de direcciones, lo que permite a atacantes remotos falsificar las URLs y derivar en ataques phishing, relacionado con Unicode y Punycode. • http://www.opera.com/docs/changelogs/freebsd/1000 •
CVSS: 5.9EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3045
https://notcve.org/view.php?id=CVE-2009-3045
02 Sep 2009 — Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. opera anterior a v10.00 confía en los certificados raíz X.509 firmados con el algoritmo MD2, lo que facilita a atacantes hombre-en-el-medio (Man-in-the-middle) suplantar cualquier servidor SSL a través de un certificado de servidor manipulado. • http://www.opera.com/docs/changelogs/freebsd/1000 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 114EXPL: 0CVE-2009-3044
https://notcve.org/view.php?id=CVE-2009-3044
02 Sep 2009 — Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Opera anterior v10.00 no maneja apropiadamente (1) caracter '\0' o (2)el carácter comodín invalido en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual ... • http://www.opera.com/docs/changelogs/freebsd/1000 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 123EXPL: 0CVE-2009-3048
https://notcve.org/view.php?id=CVE-2009-3048
02 Sep 2009 — Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." Opera anterior a la v10.00 sobre Linux, SOlaris y FreeBSD no implementa adecuadamente la funcionalidad "INPUT TYPE=file", lo que permite a atacantes remotos engañar al usuario para que suba un archivo a través de vectores que involucran un "archivo para descargar" (dropped fil... • http://www.opera.com/docs/changelogs/freebsd/1000 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3047
https://notcve.org/view.php?id=CVE-2009-3047
02 Sep 2009 — Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. Opera anterior a v10.00, cuando se usa una dirección colapsada en la barra, no actualiza adecuadamente el nombre de dominio del sitio web previo al sitio web actual, lo que podría permitir a atacantes remotos suplantar URLs. • http://www.opera.com/docs/changelogs/freebsd/1000 •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 2CVE-2009-3013
https://notcve.org/view.php?id=CVE-2009-3013
31 Aug 2009 — Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. Opera v9.52... • http://websecurity.com.ua/3323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •