CVE-2010-4585
https://notcve.org/view.php?id=CVE-2010-4585
Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update. Vulnerabilidad sin especificar en la funcionalidad auto-update en Opera anterior a v11.00 permite a los atacantes remotos causar una denegación de servicio (fallo de la aplicación) al lanzar una actualización Opera Unite. • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://secunia.com/advisories/42653 http://www.opera.com/docs/changelogs/mac/1100 http://www.opera.com/docs/changelogs/unix/1100 http://www.opera.com/docs/changelogs/windows/1100 •
CVE-2010-4586
https://notcve.org/view.php?id=CVE-2010-4586
The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508. La configuración por defecto de Opera antes de v11.00 permite la funcionalidad WebSockets, lo cual tiene un impacto no especificado y vectores de ataque a distancia, posiblemente un problema relacionado con CVE-2010-4508. • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://secunia.com/advisories/42653 http://www.opera.com/docs/changelogs/mac/1100 http://www.opera.com/docs/changelogs/unix/1100 http://www.opera.com/docs/changelogs/windows/1100 • CWE-16: Configuration •
CVE-2010-4582
https://notcve.org/view.php?id=CVE-2010-4582
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. Opera anterior v11.00 no maneja adecuadamente políticas de seguridad durante la actualización de extensiones, lo que puede permitir a atacantes remotos superar las restricciones de acceso establecidas a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://secunia.com/advisories/42653 http://www.opera.com/docs/changelogs/mac/1100 http://www.opera.com/docs/changelogs/unix/1100 http://www.opera.com/docs/changelogs/windows/1100 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-4046
https://notcve.org/view.php?id=CVE-2010-4046
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. Opera anterior a v10.63 no verifica adecuadamente el origen del contenido de video, lo que permite a atacantes remotos obtener información sensible usando flujo de video como contenido canvas HTML5 • http://secunia.com/advisories/41740 http://securitytracker.com/id?1024570 http://www.opera.com/docs/changelogs/mac/1063 http://www.opera.com/docs/changelogs/unix/1063 http://www.opera.com/docs/changelogs/windows/1063 http://www.opera.com/support/kb/view/974 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11937 https://technet.microsoft.com/library/security/msvr11-002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-4047
https://notcve.org/view.php?id=CVE-2010-4047
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. Opera anterior a v10.63 no selecciona adecuadamente el contexto de seguridad del código JavaScript asociado con una página de error, lo que permite a atacantes remotos asistidos por el usuario llevar a cabo ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de un sitio web manipulado. • http://secunia.com/advisories/41740 http://securitytracker.com/id?1024570 http://www.opera.com/docs/changelogs/mac/1063 http://www.opera.com/docs/changelogs/unix/1063 http://www.opera.com/docs/changelogs/windows/1063 http://www.opera.com/support/kb/view/976 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •