CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0653
https://notcve.org/view.php?id=CVE-2010-0653
Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Opera permite carga de hojas de estilo CSS de origen cruzado incluso cuando la descarga de hojas de estilo tiene un tipo MIME incorrecto y el documento de hoja de estilos es incorrecto, lo cual permite a los servidores HTTP remotos obtener información sensible a través de un documento manipulado. • http://code.google.com/p/chromium/issues/detail?id=9877 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html http://websec.sv.cmu.edu/css/css.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0CVE-2009-4071
https://notcve.org/view.php?id=CVE-2009-4071
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. Opera anterior v.10.10, cuando las stacktraces excepcionales son activadas, sitúa mensajes de error de código desde un sitio web en variables que pueden ser leídos por diferentes sitios web, permitiendo a atacantes remotos obtener información sensible o conducir un ataque de secuencias de comandos en sitios cruzados (XSS) a través de vectores no especificados. • http://osvdb.org/60527 http://secunia.com/advisories/37469 http://www.opera.com/docs/changelogs/mac/1010 http://www.opera.com/docs/changelogs/unix/1010 http://www.opera.com/docs/changelogs/windows/1010 http://www.opera.com/support/kb/view/941 http://www.securityfocus.com/bid/37089 http://www.vupen.com/english/advisories/2009/3297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6385 • CWE-16: Configuration •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2009-4072
https://notcve.org/view.php?id=CVE-2009-4072
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no esperada en Opera anterior v.10.10 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo." • http://osvdb.org/60528 http://secunia.com/advisories/37469 http://www.opera.com/docs/changelogs/mac/1010 http://www.opera.com/docs/changelogs/unix/1010 http://www.opera.com/docs/changelogs/windows/1010 http://www.securityfocus.com/bid/37089 http://www.vupen.com/english/advisories/2009/3297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6543 •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3832
https://notcve.org/view.php?id=CVE-2009-3832
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. Opera en versiones anteriores a v10.01 corriendo sobre Windows no previene el uso de fuentes web en el renderizado de la interfaz de usuario, lo que permite a atacantes remotos falsificar el campo "dirección" a través de una pagina web manipulada. • http://secunia.com/advisories/37182 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view/940 http://www.osvdb.org/59359 http://www.securityfocus.com/bid/36850 http://www.vupen.com/english/advisories/2009/3073 https://exchange.xforce.ibmcloud.com/vulnerabilities/54022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6384 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0CVE-2009-3831
https://notcve.org/view.php?id=CVE-2009-3831
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. Opera v10.01 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un nombre de dominio manipulado. • http://secunia.com/advisories/37182 http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view/938 http://www.osvdb.org/59357 http://www.securityfocus.com/bid/36850 http://www.vupen.com/english/advisories/2009/3073 https://exchange.xforce.ibmcloud.com/vulnerabilities/54020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-787: Out-of-bounds Write •