CVSS: 5.8EPSS: 0%CPEs: 75EXPL: 0CVE-2009-2068
https://notcve.org/view.php?id=CVE-2009-2068
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Google Chrome detecta contenido http en páginas https únicamente cuando el marco (frame) de nivel superior usa https, lo que permite a atacantes "hombre-en-medio" (man-in-the-middle o MITM) ejecutar secuencias de comandos web de su elección, en un contexto de sitio https, modificando una página http para incluir un iframe https que referencia al archivo en un sitio http con la secuencia de comandos. Relacionado con "Páginas HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/51192 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 4%CPEs: 115EXPL: 0CVE-2009-0914
https://notcve.org/view.php?id=CVE-2009-0914
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. Opera en versiones anteriores a v9.64 permite a atacantes remotos ejecutar código de su elección mediante una imagen JPEG manipulada que provoca una corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/34135 http://secunia.com/advisories/34294 http://secunia.com/advisories/34418 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securitytracker.com/id?1021782 http://www.openwall.com/lists/oss-security/2009/03/07/1 http://www.opera.com/docs/changelogs/freebsd/964 http://www.opera.com/docs/changelogs/linux/964 http://www.opera.com/docs/changelogs/mac/964 h • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 115EXPL: 0CVE-2009-0916
https://notcve.org/view.php?id=CVE-2009-0916
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no especificada en Opera versión anterior a v9.64 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo". • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/34135 http://secunia.com/advisories/34418 http://www.opera.com/docs/changelogs/freebsd/964 http://www.opera.com/docs/changelogs/linux/964 http://www.opera.com/docs/changelogs/mac/964 http://www.opera.com/docs/changelogs/solaris/964 http://www.opera.com/docs/changelogs/windows/964 http://www.securityfocus.com/bid/33961 http://www.vupen.com/english/advisories/2009/0 •
CVSS: 9.3EPSS: 10%CPEs: 114EXPL: 1CVE-2008-5680 – Opera 9.62 - 'file://' Local Heap Overflow
https://notcve.org/view.php?id=CVE-2008-5680
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. Múltiples desbordamientos de búfer en versiones de Opera anteriores a la 9.63 podrían permitir (1) a atacantes remotos ejecutar código arbitrario a través de un textarea convenientemente modificada, o permitir (2) con ayuda de los usuarios a atacantes remotos ejecutar código arbitrario a través de un nombre de host demasiado largo en un archivo. • https://www.exploit-db.com/exploits/7135 http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securitytracker.com/id?1021457 http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/920 http://www.opera.com/support/kb/view/922 http://www.securityfocus.com/archive/1/498452/100/0/threaded http://www.securityfocus.com/archive/1/498481/100/0/threaded http://www.securityfocus.com/archive/1/498499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5681
https://notcve.org/view.php?id=CVE-2008-5681
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. Opera en versiones anteriores a la 9.63, no bloquea "URLs en scripts" durante la vista previa de servicios de suscipción a noticias, lo que permite a atacantes remotos leer las suscripciones y forzar suscripciones a URLs de noticias. • http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/923 http://www.securitytracker.com/id?1021461 •