Page 26 of 176 results (0.016 seconds)

CVSS: 9.3EPSS: 12%CPEs: 93EXPL: 1

Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. Opera anterior v10.53 en Windows y Mac OS X no maneja adecuadamente una serie de modificaciones en documentos que ocurren asíncronamente, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de JavaScript que escribe secuencias <marquee> en un bucle infinito, que conduce a un intento de uso de memoria inutilizada. NOTA: esto puede solaparse con CVE-2006-6955. • http://h.ackack.net/?p=258 http://my.opera.com/desktopteam/blog/2010/04/28/opera-10-53-rc1-for-windows-and-mac http://secunia.com/advisories/39590 http://www.opera.com/docs/changelogs/mac/1053 http://www.opera.com/docs/changelogs/windows/1053 http://www.opera.com/support/kb/view/953 http://www.vupen.com/english/advisories/2010/0999 https://exchange.xforce.ibmcloud.com/vulnerabilities/58231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre. • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que permite a los atacantes remotos realizar ataques de tipo Cross-Site Scripting (XSS), y realizar ataques de tipo cross-zone scripting, que involucran la página Feed Subscription, para leer feeds o crear subscripciones feed, por medio de un feed creado, relacionado con la representación del tipo de contenido application/rss+xml como "scripted content." • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://secunia.com/advisories/37182 http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 1

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Opera v9.52 y anteriores permite a atacantes remotos producir una denegación de servicio (navegador inutilizado), mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacionado con CVE-2009-0821. • https://www.exploit-db.com/exploits/12509 http://websecurity.com.ua/2456 http://www.securityfocus.com/archive/1/506328/100/100/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6350 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 110EXPL: 0

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. Opera v9.52 y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de CPU) a través de series de envíos automáticos de un formulario que contiene un elemento generador de claves, una vulnerabilidad relacionada con CVE-2009-1828. • http://websecurity.com.ua/3194 http://www.securityfocus.com/archive/1/506328/100/100/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6358 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 114EXPL: 0

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Opera anterior v10.00 no maneja apropiadamente (1) caracter '\0' o (2)el carácter comodín invalido en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación legítima. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6444 • CWE-310: Cryptographic Issues •