Page 33 of 178 results (0.002 seconds)

CVSS: 9.3EPSS: 2%CPEs: 9EXPL: 1

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. Opera anterior a 9.27 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante una fuente newsfeed manipulada, lo cual dispara un acceso a memoria inválido. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29662 http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/support/search/view/881 http://www.securityfocus.com/bid/28585 http://www.vupen.com/english/advisories/2008/1084/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41625 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 0%CPEs: 89EXPL: 0

Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." Una vulnerabilidad no especificada en Opera versiones anteriores a 9.27, presenta un impacto desconocido y vectores de ataque remotos relacionados con el "keyboard handling of password inputs". • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/docs/changelogs/windows/927 https://exchange.xforce.ibmcloud.com/vulnerabilities/41834 •

CVSS: 6.8EPSS: 1%CPEs: 103EXPL: 0

Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. Opera en versiones anteriores a 9.26 permite a atacantes remotos con la complicidad del usuario ejecutar secuencias de comandos de su elección a través de imágenes que contienen comentarios personalizados, las cuales son tratadas como una secuencia de comandos cuando el usuario muestra las propiedades de una imagen. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/879 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 103EXPL: 0

Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. Opera versiones anteriores a 9.26 permite a atacantes remotos "evitar los filtos de limpieza" y realizar un ataque se secuencias de comandos en sitios cruzados (XSS) a través de valores de atributos manipulados en un documento XML, lo cual no son propiedades manejadas durante una presentación DOM. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/880 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 103EXPL: 0

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. Opera antes de 9.26 permite a atacantes remotos asistidos por el usuario leer archivos de su elección engañando al usuario para que escriba los caracteres de nombre de archivo objetivo en un fichero de entrada. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/877 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-20: Improper Input Validation •