CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1618 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2013-1618
08 Feb 2013 — The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación de TLS en Opera antes de v12.13 no se tienen debidamente en cuenta tiempos de canal lateral, ataques a una operación de comprobació... • http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0CVE-2013-1637 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2013-1637
08 Feb 2013 — Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. Opera antes de 12.13 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con eventos DOM. Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. Versions less than 12.13_p1734 are affected. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 30%CPEs: 8EXPL: 1CVE-2013-1638 – Opera SVG - Use-After-Free
https://notcve.org/view.php?id=CVE-2013-1638
08 Feb 2013 — Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. Opera antes de v12.13 permite a atacantes remotos ejecutar código a través de clipPaths diseñado en un documento SVG. Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. Versions less than 12.13_p1734 are affected. • https://www.exploit-db.com/exploits/24448 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1639 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2013-1639
08 Feb 2013 — Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. Opera anterior a v12.13 no envía las peticiones CORS del tipo "preflight" en todos los casos que se requiere, lo que permite a atacantes remotos evitar el mecanismo de protección CSRF a través de un un sitio web manipulado que provoca una petición CORS. Multiple vulnerabilities have been found in Opera, the wo... • http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 25%CPEs: 8EXPL: 0CVE-2013-1489 – 7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)
https://notcve.org/view.php?id=CVE-2013-1489
31 Jan 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. Una Vulnerabilidad no especificada en el componente Java Runtime Environment (... • http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 •
CVSS: 8.8EPSS: 0%CPEs: 165EXPL: 0CVE-2012-6460
https://notcve.org/view.php?id=CVE-2012-6460
02 Jan 2013 — Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. Opera v11.67 y anteriores y v12.x antes de v12.02, permite a atacantes remotos provocar el truncamiento de un diálogo, y posiblemente provocar la descarga y ejecución de programas de su elección, a través de un sitio web diseñado para tal fin. • http://www.opera.com/docs/changelogs/unified/1202 •
CVSS: 7.5EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6461 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6461
02 Jan 2013 — The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service. La funcionalidad de validación de certificado X.509 en la implementación de https en Opera antes de v12.10 permite a atacantes remotos provocar una falsa indicación de comprobación exitosa causando un fallo de un servicio de control simple. Multiple vulnerabilities hav... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6462 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6462
02 Jan 2013 — Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. Opera antes de v12.10 no implementa correctamente la especificición de compartición de recursos de origen cruzado (Cross-Origin Resource Sharing - CORS), la cual permite a atacantes remotos evitar restricciones de acceso a contenidos de páginas a través de una petición hecha a mano. Multiple vulnerabilities ha... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6463 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6463
02 Jan 2013 — Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Opera antes de v12.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados que involucran una secuencia de carga de documentos y carga de URLs del tipo 'data:' .... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6464 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6464
02 Jan 2013 — Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Opera antes de v12.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través código JavaScript que reemplaza los métodos de objetos nativos no especificados en los do... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •