CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 1CVE-2009-2059
https://notcve.org/view.php?id=CVE-2009-2059
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Opera, posiblemente anteriores a v9.25, utiliza una cabecera HTTP Host para determinar el contexto de un documento propocionado por una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor proxy, lo que permite a los atacantes "hombre en el medio" ejecutar arbitrariamente una secuencia de comandos web modificando la respuesta CONEXIÓN, también conocida como un ataque "forzado SSL". • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 4%CPEs: 115EXPL: 0CVE-2009-0914
https://notcve.org/view.php?id=CVE-2009-0914
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. Opera en versiones anteriores a v9.64 permite a atacantes remotos ejecutar código de su elección mediante una imagen JPEG manipulada que provoca una corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/34135 http://secunia.com/advisories/34294 http://secunia.com/advisories/34418 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securitytracker.com/id?1021782 http://www.openwall.com/lists/oss-security/2009/03/07/1 http://www.opera.com/docs/changelogs/freebsd/964 http://www.opera.com/docs/changelogs/linux/964 http://www.opera.com/docs/changelogs/mac/964 h • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2009-0915
https://notcve.org/view.php?id=CVE-2009-0915
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. Opera en versiones anteriores a v9.64 permite a atacantes remotos dirigir ataques de ejecución de secuencias de comandos en dominios cruzados mediante vectores no especificados relacionados con sus extensiones. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/34135 http://secunia.com/advisories/34418 http://www.opera.com/docs/changelogs/freebsd/964 http://www.opera.com/docs/changelogs/linux/964 http://www.opera.com/docs/changelogs/mac/964 http://www.opera.com/docs/changelogs/solaris/964 http://www.opera.com/docs/changelogs/windows/964 http://www.securityfocus.com/bid/33961 http://www.vupen.com/english/advisories/2009/0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 115EXPL: 0CVE-2009-0916
https://notcve.org/view.php?id=CVE-2009-0916
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no especificada en Opera versión anterior a v9.64 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo". • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/34135 http://secunia.com/advisories/34418 http://www.opera.com/docs/changelogs/freebsd/964 http://www.opera.com/docs/changelogs/linux/964 http://www.opera.com/docs/changelogs/mac/964 http://www.opera.com/docs/changelogs/solaris/964 http://www.opera.com/docs/changelogs/windows/964 http://www.securityfocus.com/bid/33961 http://www.vupen.com/english/advisories/2009/0 •
CVSS: 9.3EPSS: 10%CPEs: 114EXPL: 1CVE-2008-5680 – Opera 9.62 - 'file://' Local Heap Overflow
https://notcve.org/view.php?id=CVE-2008-5680
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. Múltiples desbordamientos de búfer en versiones de Opera anteriores a la 9.63 podrían permitir (1) a atacantes remotos ejecutar código arbitrario a través de un textarea convenientemente modificada, o permitir (2) con ayuda de los usuarios a atacantes remotos ejecutar código arbitrario a través de un nombre de host demasiado largo en un archivo. • https://www.exploit-db.com/exploits/7135 http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securitytracker.com/id?1021457 http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/920 http://www.opera.com/support/kb/view/922 http://www.securityfocus.com/archive/1/498452/100/0/threaded http://www.securityfocus.com/archive/1/498481/100/0/threaded http://www.securityfocus.com/archive/1/498499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •