Page 33 of 323 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. Opera v9.52 no gestiona adecuadamente un elemento IFRAME con un mailto: URL en su atributo SRC, que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de un documento HTML con elementos IFRAME • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://websecurity.com.ua/4206 http://www.securityfocus.com/archive/1/511327/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11952 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. Opera v9.52 ejecuta una aplicación mail en situaciones donde un elemento IMG tiene un atributo SRC que es una redirección a mailto: URL que permite a atacantes remotos causar una denegación de servicio (lanzamiento de demasiadas aplicaciones) a través de un documento con varias imágenes, un proplema relacionado con CVE-2010-0181. • http://websecurity.com.ua/4206 http://www.securityfocus.com/archive/1/511327/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11664 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 12%CPEs: 93EXPL: 1

Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. Opera anterior v10.53 en Windows y Mac OS X no maneja adecuadamente una serie de modificaciones en documentos que ocurren asíncronamente, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de JavaScript que escribe secuencias <marquee> en un bucle infinito, que conduce a un intento de uso de memoria inutilizada. NOTA: esto puede solaparse con CVE-2006-6955. • http://h.ackack.net/?p=258 http://my.opera.com/desktopteam/blog/2010/04/28/opera-10-53-rc1-for-windows-and-mac http://secunia.com/advisories/39590 http://www.opera.com/docs/changelogs/mac/1053 http://www.opera.com/docs/changelogs/windows/1053 http://www.opera.com/support/kb/view/953 http://www.vupen.com/english/advisories/2010/0999 https://exchange.xforce.ibmcloud.com/vulnerabilities/58231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre. • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 87%CPEs: 5EXPL: 3

Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. Desbordamiento de entero en el navegador Opera v10.10 a v10.50 permite a atacantes remotos ejecutar código arbitrario mediante un valor grande en el campo Content-Length, que desencadena un desbordamiento de montículo. • https://www.exploit-db.com/exploits/11622 http://my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-header-security-issue http://osvdb.org/62714 http://secunia.com/advisories/38820 http://www.exploit-db.com/exploits/11622 http://www.opera.com/support/kb/view/948 http://www.securityfocus.com/bid/38519 http://www.securitytracker.com/id?1023690 http://www.vupen.com/english/advisories/2010/0529 https://exchange.xforce.ibmcloud.com/vulnerabilities/56673 • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. Opera v10.50 permite a atacantes remotos obtener información a través de construcciones XSLT manipuladas, lo que provoca devuelva contenidos cacheados de otras páginas. • http://secunia.com/advisories/38820 http://www.opera.com/docs/changelogs/windows/1051 http://www.opera.com/support/kb/view/949 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •