CVSS: 9.3EPSS: 4%CPEs: 115EXPL: 0CVE-2009-0914
https://notcve.org/view.php?id=CVE-2009-0914
16 Mar 2009 — Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. Opera en versiones anteriores a v9.64 permite a atacantes remotos ejecutar código de su elección mediante una imagen JPEG manipulada que provoca una corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5683
https://notcve.org/view.php?id=CVE-2008-5683
19 Dec 2008 — Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. Una vulnerabilidad sin especificar en Opera 9.63 permite antes de atacantes remotos "revelar datos aleatorios" a través de vectores desconocidos. • http://secunia.com/advisories/34294 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 10%CPEs: 114EXPL: 1CVE-2008-5680 – Opera 9.62 - 'file://' Local Heap Overflow
https://notcve.org/view.php?id=CVE-2008-5680
19 Dec 2008 — Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. Múltiples desbordamientos de búfer en versiones de Opera anteriores a la 9.63 podrían permitir (1) a atacantes remotos ejecutar código arbitrario a través de un textarea convenientemente modificada, o permitir (2) con ayuda de los usu... • https://www.exploit-db.com/exploits/7135 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5681
https://notcve.org/view.php?id=CVE-2008-5681
19 Dec 2008 — Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. Opera en versiones anteriores a la 9.63, no bloquea "URLs en scripts" durante la vista previa de servicios de suscipción a noticias, lo que permite a atacantes remotos leer las suscripciones y forzar suscripciones a URLs de noticias. • http://secunia.com/advisories/34294 •
CVSS: 6.1EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5682
https://notcve.org/view.php?id=CVE-2008-5682
19 Dec 2008 — Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Opera en versiones anteriores a 9.63 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios a través de plantillas XSLT pre-instaladas. • http://osvdb.org/50951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 26%CPEs: 87EXPL: 1CVE-2008-4694 – Opera Web Browser 8.51 - URI redirection Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-4694
23 Oct 2008 — Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL. Vulnerabilidad no especificada en Opera antes de la v.9.60 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante una redirección que especifica una URL manipulada. • https://www.exploit-db.com/exploits/32467 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 1%CPEs: 88EXPL: 0CVE-2008-4697
https://notcve.org/view.php?id=CVE-2008-4697
23 Oct 2008 — The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. La característica Fast Forward en Opera antes de la v9.61, cuando una página está en un marco, ejecuta un javascript: URL en el contexto de la última página en vez de la página que contiene esta URL, lo que permite a atacantes remotos llevar a c... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 88EXPL: 0CVE-2008-4698
https://notcve.org/view.php?id=CVE-2008-4698
23 Oct 2008 — Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. Opera antes de la v9.61 no bloquea correctamente los scripts durante la previsualización de una fuente de noticias, lo que permite a atacantes remotos crear subscripciones de nuevas fuentes y leer los contenidos de fuentes aleatorias. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2008-4725 – Opera 9.60 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4725
23 Oct 2008 — Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opera.dll de Opera v9.52 permite a atacantes remotos inyectar web script o HTML a través de la cadena de c... • https://www.exploit-db.com/exploits/6801 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 85EXPL: 0CVE-2008-4292
https://notcve.org/view.php?id=CVE-2008-4292
27 Sep 2008 — Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory. Opera anterior a v9.52 no comprueba el inválido CRL tras encontrar un certificado que carece de un CRL, lo cual tiene impacto y vectores de ataque desconocidos. NOTA: no está claro si esto es una vulnerabilidad, pero el vendedor lo incluye en la ... • http://bugs.gentoo.org/show_bug.cgi?id=235298 • CWE-255: Credentials Management Errors •