CVE-2008-2715
https://notcve.org/view.php?id=CVE-2008-2715
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. Vulnerabilidad no especificada en Opera anterior a 9.5 permite a atacantes remotos leer imágenes de dominios cruzados mediante elementos HTML CANVAS que utilizan imágenes como patrones. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html http://secunia.com/advisories/30636 http://secunia.com/advisories/30682 http://www.opera.com/docs/changelogs/linux/950/#security http://www.opera.com/docs/changelogs/windows/950/#security http://www.opera.com/support/search/view/883 http://www.securityfocus.com/bid/29684 http://www.securitytracker.com/id?1020291 http://www.vupen.com/english/advisories/2008/1812 https://exchange.xforce.ibmcloud.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-1762 – Opera Web Browser 9.26 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1762
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. Opera versiones anteriores a 9.27, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un patrón de imagen escalado diseñado en un elemento CANVAS de HTML, que desencadena corrupción de memoria. • https://www.exploit-db.com/exploits/31594 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29662 http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/support/search/view/882 http://www.securityfocus.com/bid/28585 http://www.vupen.com/english/advisories/2008/1084/references https: • CWE-399: Resource Management Errors •
CVE-2008-1761
https://notcve.org/view.php?id=CVE-2008-1761
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. Opera anterior a 9.27 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante una fuente newsfeed manipulada, lo cual dispara un acceso a memoria inválido. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29662 http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/support/search/view/881 http://www.securityfocus.com/bid/28585 http://www.vupen.com/english/advisories/2008/1084/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41625 • CWE-399: Resource Management Errors •
CVE-2008-1764
https://notcve.org/view.php?id=CVE-2008-1764
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." Una vulnerabilidad no especificada en Opera versiones anteriores a 9.27, presenta un impacto desconocido y vectores de ataque remotos relacionados con el "keyboard handling of password inputs". • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/docs/changelogs/windows/927 https://exchange.xforce.ibmcloud.com/vulnerabilities/41834 •
CVE-2008-1080
https://notcve.org/view.php?id=CVE-2008-1080
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. Opera antes de 9.26 permite a atacantes remotos asistidos por el usuario leer archivos de su elección engañando al usuario para que escriba los caracteres de nombre de archivo objetivo en un fichero de entrada. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/877 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-20: Improper Input Validation •