CVSS: 9.8EPSS: 7%CPEs: 9EXPL: 1CVE-2008-1761 – Gentoo Linux Security Advisory 200804-14
https://notcve.org/view.php?id=CVE-2008-1761
12 Apr 2008 — Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. Opera anterior a 9.27 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante una fuente newsfeed manipulada, lo cual dispara un acceso a memoria inválido. Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 21%CPEs: 79EXPL: 1CVE-2008-1762 – Opera Web Browser 9.26 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1762
12 Apr 2008 — Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. Opera versiones anteriores a 9.27, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un patrón de imagen escalado diseñado en un elemento CANVAS de HTML, que desencadena corrupción de memoria. Michal Zalewski reported tw... • https://www.exploit-db.com/exploits/31594 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 89EXPL: 0CVE-2008-1764 – Gentoo Linux Security Advisory 200804-14
https://notcve.org/view.php?id=CVE-2008-1764
12 Apr 2008 — Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." Una vulnerabilidad no especificada en Opera versiones anteriores a 9.27, presenta un impacto desconocido y vectores de ataque remotos relacionados con el "keyboard handling of password inputs". Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website (CVE-2008-1761) as well as when processing HTML CANVAS elements to use sc... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html •
CVSS: 7.5EPSS: 1%CPEs: 103EXPL: 0CVE-2008-1080 – Gentoo Linux Security Advisory 200803-9
https://notcve.org/view.php?id=CVE-2008-1080
29 Feb 2008 — Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. Opera antes de 9.26 permite a atacantes remotos asistidos por el usuario leer archivos de su elección engañando al usuario para que escriba los caracteres de nombre de archivo objetivo en un fichero de entrada. Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path (CVE-2... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 103EXPL: 0CVE-2008-1081 – Gentoo Linux Security Advisory 200803-9
https://notcve.org/view.php?id=CVE-2008-1081
29 Feb 2008 — Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. Opera en versiones anteriores a 9.26 permite a atacantes remotos con la complicidad del usuario ejecutar secuencias de comandos de su elección a través de imágenes que contienen comentarios personalizados, las cuales son tratadas como una secuencia de comandos cuando el usuario muestra las propiedades de una imag... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 103EXPL: 0CVE-2008-1082 – Gentoo Linux Security Advisory 200803-9
https://notcve.org/view.php?id=CVE-2008-1082
29 Feb 2008 — Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. Opera versiones anteriores a 9.26 permite a atacantes remotos "evitar los filtos de limpieza" y realizar un ataque se secuencias de comandos en sitios cruzados (XSS) a través de valores de atributos manipulados en un documento XML, lo cual no son propiedades manejadas durante una pres... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 1CVE-2007-6523
https://notcve.org/view.php?id=CVE-2007-6523
24 Dec 2007 — Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. Vulnerabilidad de complejidad algorítmica en Opera 9.50 beta y 9.x anterior a 9.25 permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante un archivo bitmap (BMP) manipulado que dispara un gran número de cálculos y comprobaciones. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html • CWE-189: Numeric Errors CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 102EXPL: 0CVE-2007-6520 – Gentoo Linux Security Advisory 200712-22
https://notcve.org/view.php?id=CVE-2007-6520
24 Dec 2007 — Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuecias de comandos de dominios cruzados a través de vectores desconocidos relacionado con extensiones. David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue... • http://bugs.gentoo.org/show_bug.cgi?id=202770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 14%CPEs: 102EXPL: 0CVE-2007-6521 – Gentoo Linux Security Advisory 200712-22
https://notcve.org/view.php?id=CVE-2007-6521
24 Dec 2007 — Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. Vulnerabilidad no especificada en Opera anterior a 9.25 permite a atacantes remotos ejecutar código de su elección a través de certificados TLS manipulados. David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS certificates... • http://bugs.gentoo.org/show_bug.cgi?id=202770 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 1%CPEs: 102EXPL: 0CVE-2007-6522 – Gentoo Linux Security Advisory 200712-22
https://notcve.org/view.php?id=CVE-2007-6522
24 Dec 2007 — The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. El texto enriquecido en la funcionalidad de edición de Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuencias de comandos de dominios cruzados utilizando el modo diseño (designMode) para modificar contenidos de páginas en otros dominios. David Bloom reported two vulnerabilities where plug-in... • http://bugs.gentoo.org/show_bug.cgi?id=202770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •