CVE-2010-1728
https://notcve.org/view.php?id=CVE-2010-1728
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. Opera anterior v10.53 en Windows y Mac OS X no maneja adecuadamente una serie de modificaciones en documentos que ocurren asíncronamente, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de JavaScript que escribe secuencias <marquee> en un bucle infinito, que conduce a un intento de uso de memoria inutilizada. NOTA: esto puede solaparse con CVE-2006-6955. • http://h.ackack.net/?p=258 http://my.opera.com/desktopteam/blog/2010/04/28/opera-10-53-rc1-for-windows-and-mac http://secunia.com/advisories/39590 http://www.opera.com/docs/changelogs/mac/1053 http://www.opera.com/docs/changelogs/windows/1053 http://www.opera.com/support/kb/view/953 http://www.vupen.com/english/advisories/2010/0999 https://exchange.xforce.ibmcloud.com/vulnerabilities/58231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre. • CWE-399: Resource Management Errors •
CVE-2009-4071
https://notcve.org/view.php?id=CVE-2009-4071
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. Opera anterior v.10.10, cuando las stacktraces excepcionales son activadas, sitúa mensajes de error de código desde un sitio web en variables que pueden ser leídos por diferentes sitios web, permitiendo a atacantes remotos obtener información sensible o conducir un ataque de secuencias de comandos en sitios cruzados (XSS) a través de vectores no especificados. • http://osvdb.org/60527 http://secunia.com/advisories/37469 http://www.opera.com/docs/changelogs/mac/1010 http://www.opera.com/docs/changelogs/unix/1010 http://www.opera.com/docs/changelogs/windows/1010 http://www.opera.com/support/kb/view/941 http://www.securityfocus.com/bid/37089 http://www.vupen.com/english/advisories/2009/3297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6385 • CWE-16: Configuration •
CVE-2009-4072
https://notcve.org/view.php?id=CVE-2009-4072
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no esperada en Opera anterior v.10.10 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo." • http://osvdb.org/60528 http://secunia.com/advisories/37469 http://www.opera.com/docs/changelogs/mac/1010 http://www.opera.com/docs/changelogs/unix/1010 http://www.opera.com/docs/changelogs/windows/1010 http://www.securityfocus.com/bid/37089 http://www.vupen.com/english/advisories/2009/3297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6543 •
CVE-2009-3266
https://notcve.org/view.php?id=CVE-2009-3266
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que permite a los atacantes remotos realizar ataques de tipo Cross-Site Scripting (XSS), y realizar ataques de tipo cross-zone scripting, que involucran la página Feed Subscription, para leer feeds o crear subscripciones feed, por medio de un feed creado, relacionado con la representación del tipo de contenido application/rss+xml como "scripted content." • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://secunia.com/advisories/37182 http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3044
https://notcve.org/view.php?id=CVE-2009-3044
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Opera anterior v10.00 no maneja apropiadamente (1) caracter '\0' o (2)el carácter comodín invalido en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación legítima. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6444 • CWE-310: Cryptographic Issues •