CVSS: 5.0EPSS: 0%CPEs: 112EXPL: 0CVE-2010-4582
https://notcve.org/view.php?id=CVE-2010-4582
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. Opera anterior v11.00 no maneja adecuadamente políticas de seguridad durante la actualización de extensiones, lo que puede permitir a atacantes remotos superar las restricciones de acceso establecidas a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://secunia.com/advisories/42653 http://www.opera.com/docs/changelogs/mac/1100 http://www.opera.com/docs/changelogs/unix/1100 http://www.opera.com/docs/changelogs/windows/1100 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 110EXPL: 0CVE-2010-4048
https://notcve.org/view.php?id=CVE-2010-4048
Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. Opera anterior a v10.63 permite a servidores remotos asistidos por el usuario provocar una denegación de servicio (caída de la aplicación) mediante el envío de un redirect durante el guardado de un archivo. • http://www.opera.com/docs/changelogs/mac/1063 http://www.opera.com/docs/changelogs/unix/1063 http://www.opera.com/docs/changelogs/windows/1063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12054 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 110EXPL: 0CVE-2010-4045
https://notcve.org/view.php?id=CVE-2010-4045
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context. Opera anterior a v10.63 no restringe adecuadamente los script web en circunstancias no especificadas involucrando recargas y redirecciones, que permiten a atacantes remotos falsificar la Barra de Direcciones, dirigiendo un ataque de secuencias de comandos en sitios cruzados (XSS), y posiblemente ejecutando código de su elección aprovechando la capacidad del script para interactuar con la página web de (1) un dominio diferente o (2) un contexto de seguridad diferente. • http://secunia.com/advisories/41740 http://securitytracker.com/id?1024570 http://www.opera.com/docs/changelogs/mac/1063 http://www.opera.com/docs/changelogs/unix/1063 http://www.opera.com/docs/changelogs/windows/1063 http://www.opera.com/support/kb/view/973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12071 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 110EXPL: 0CVE-2010-4046
https://notcve.org/view.php?id=CVE-2010-4046
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. Opera anterior a v10.63 no verifica adecuadamente el origen del contenido de video, lo que permite a atacantes remotos obtener información sensible usando flujo de video como contenido canvas HTML5 • http://secunia.com/advisories/41740 http://securitytracker.com/id?1024570 http://www.opera.com/docs/changelogs/mac/1063 http://www.opera.com/docs/changelogs/unix/1063 http://www.opera.com/docs/changelogs/windows/1063 http://www.opera.com/support/kb/view/974 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11937 https://technet.microsoft.com/library/security/msvr11-002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 110EXPL: 0CVE-2010-4050
https://notcve.org/view.php?id=CVE-2010-4050
Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element. Opera anterior a v10.63 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) referenciando a un documento SVG en un elemento IMG. • http://www.opera.com/docs/changelogs/mac/1063 http://www.opera.com/docs/changelogs/unix/1063 http://www.opera.com/docs/changelogs/windows/1063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11699 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •