CVSS: 7.5EPSS: 3%CPEs: 101EXPL: 0CVE-2007-5540
https://notcve.org/view.php?id=CVE-2007-5540
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. Vulnerabilidad no especificada en Opera anterior a 9.24 permite a atacantes remotos sobrescribir funciones en páginas de otros dominios y evitar la política de mismo-origen (same-origin) a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=196164 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://osvdb.org/38127 http://secunia.com/advisories/27277 http://secunia.com/advisories/27399 http://secunia.com/advisories/27431 http://security.gentoo.org/glsa/glsa-200710-31.xml http://www.opera.com/support/search/view/867 http://www.securityfocus.com/bid/26102 http://www.vupen.com/english/advisories/2007/3529 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 101EXPL: 0CVE-2007-5541
https://notcve.org/view.php?id=CVE-2007-5541
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en Opera anterior a 9.24, cuando se usa un cliente "externo" de grupos de noticias o correo electrónico, permite a atacantes remotos ejecutar comandos de su elección a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=196164 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://osvdb.org/38126 http://secunia.com/advisories/27277 http://secunia.com/advisories/27399 http://secunia.com/advisories/27431 http://security.gentoo.org/glsa/glsa-200710-31.xml http://www.opera.com/support/search/view/866 http://www.securityfocus.com/bid/26100 http://www.vupen.com/english/advisories/2007/3529 https://exchange.xforce.ibmcloud.c • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 76EXPL: 0CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://secunia.com/advisories/24877 http://secunia.com/advisories/25027 http://secunia.com/advisories/25432 http://secunia.com/advisories/25662 http://secunia.com/advisories/25669 http://secunia.com/advisories/25894 http://secunia.com/advisories/25933 http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/26860 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1CVE-2006-6955
https://notcve.org/view.php?id=CVE-2006-6955
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. Opera permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) mediante una página web que contiene un gran número de etiquetas de marquesina anidadas, un problema relacionado con CVE-2006-2723. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0085.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26898 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 16%CPEs: 94EXPL: 0CVE-2007-0127
https://notcve.org/view.php?id=CVE-2007-0127
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. El soporte para Javascript SVG en Opera anterior a 9.10 no valida adecuadamente los tipos de objeto en una petición createSVGTransformFromMatrix, lo cual permite a atacantes remotos ejecutar código de su elección mediante código JavaScript que utiliza un objeto inválido en esta petición que provoca que un puntero controlado sea referenciado durante la llamada a la función virtual. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html http://osvdb.org/31575 http://secunia.com/advisories/23613 http://secunia.com/advisories/23739 http://secunia.com/advisories/23771 http://securitytracker.com/id?1017473 http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml http://www.opera.com/support/search/supsearch.dml?index=851 http://www.vupen.com/english/advisories/2007/0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •