CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0CVE-2009-4071
https://notcve.org/view.php?id=CVE-2009-4071
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. Opera anterior v.10.10, cuando las stacktraces excepcionales son activadas, sitúa mensajes de error de código desde un sitio web en variables que pueden ser leídos por diferentes sitios web, permitiendo a atacantes remotos obtener información sensible o conducir un ataque de secuencias de comandos en sitios cruzados (XSS) a través de vectores no especificados. • http://osvdb.org/60527 http://secunia.com/advisories/37469 http://www.opera.com/docs/changelogs/mac/1010 http://www.opera.com/docs/changelogs/unix/1010 http://www.opera.com/docs/changelogs/windows/1010 http://www.opera.com/support/kb/view/941 http://www.securityfocus.com/bid/37089 http://www.vupen.com/english/advisories/2009/3297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6385 • CWE-16: Configuration •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2009-4072
https://notcve.org/view.php?id=CVE-2009-4072
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no esperada en Opera anterior v.10.10 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo." • http://osvdb.org/60528 http://secunia.com/advisories/37469 http://www.opera.com/docs/changelogs/mac/1010 http://www.opera.com/docs/changelogs/unix/1010 http://www.opera.com/docs/changelogs/windows/1010 http://www.securityfocus.com/bid/37089 http://www.vupen.com/english/advisories/2009/3297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6543 •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0CVE-2009-3831
https://notcve.org/view.php?id=CVE-2009-3831
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. Opera v10.01 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un nombre de dominio manipulado. • http://secunia.com/advisories/37182 http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view/938 http://www.osvdb.org/59357 http://www.securityfocus.com/bid/36850 http://www.vupen.com/english/advisories/2009/3073 https://exchange.xforce.ibmcloud.com/vulnerabilities/54020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3832
https://notcve.org/view.php?id=CVE-2009-3832
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. Opera en versiones anteriores a v10.01 corriendo sobre Windows no previene el uso de fuentes web en el renderizado de la interfaz de usuario, lo que permite a atacantes remotos falsificar el campo "dirección" a través de una pagina web manipulada. • http://secunia.com/advisories/37182 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view/940 http://www.osvdb.org/59359 http://www.securityfocus.com/bid/36850 http://www.vupen.com/english/advisories/2009/3073 https://exchange.xforce.ibmcloud.com/vulnerabilities/54022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6384 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3265
https://notcve.org/view.php?id=CVE-2009-3265
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Opera 9 y 10 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través de feeds (1) RSS o (2) Atom, relacionado con el renderizado de contenido del tipo application/rss+xml como "contenido de secuencias de comandos". NOTA: El fabricante considera esto como una "característica de diseño" y no una vulnerabilidad. • http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://www.securityfocus.com/archive/1/506517/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •