
CVSS: 6.4 • EPSS: 0% • CPEs: 85 • EXPL: 0

Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

• http://bugs.gentoo.org/show_bug.cgi?id=235298
• http://secunia.com/advisories/31549
• http://secunia.com/advisories/32538
• http://security.gentoo.org/glsa/glsa-200811-01.xml
• http://www.openwall.com/lists/oss-security/2008/09/19/2
• http://www.openwall.com/lists/oss-security/2008/09/24/4
• http://www.opera.com/docs/changelogs/freebsd/952
• http://www.opera.com/docs/changelogs/linux/952
• http://www.opera.com/docs/changelogs/mac/952
• http://www.opera.com/docs/cha

CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 0% • CPEs: 85 • EXPL: 0

Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.

• http://bugs.gentoo.org/show_bug.cgi?id=235298
• http://my.opera.com/community/forums/topic.dml?id=241988&t=1222404671&page=1
• http://my.opera.com/yngve/blog/2008/06/27/nobody-checks-the-padlock-debunked-by-opera-users
• http://secunia.com/advisories/31549
• http://secunia.com/advisories/32538
• http://security.gentoo.org/glsa/glsa-200811-01.xml
• http://www.openwall.com/lists/oss-security/2008/09/19/2
• http://www.openwall.com/lists/oss-security/2008/09/24/4
• http:/

CWE-255: Credentials Management Errors

CVSS: 7.8 • EPSS: 0% • CPEs: 108 • EXPL: 0

Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.

• http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
• http://secunia.com/advisories/30935
• http://secunia.com/advisories/31339
• http://www.opera.com/docs/changelogs/freebsd/951
• http://www.opera.com/docs/changelogs/linux/951
• http://www.opera.com/docs/changelogs/mac/951
• http://www.opera.com/docs/changelogs/solaris/951
• http://www.opera.com/docs/changelogs/windows/951
• http://www.opera.com/support/search/view/887
• http://www.securityfocus.com/bid/30068

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 • EPSS: 0% • CPEs: 108 • EXPL: 0

Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.

• http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html
• http://secunia.com/advisories/30636
• http://secunia.com/advisories/30682
• http://www.opera.com/docs/changelogs/linux/950/#security
• http://www.opera.com/docs/changelogs/windows/950/#security
• http://www.opera.com/support/search/view/883
• http://www.securityfocus.com/bid/29684
• http://www.securitytracker.com/id?1020291
• http://www.vupen.com/english/advisories/2008/1812
• https://exchange.xforce.ibmcloud.com/

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.

• http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html
• http://secunia.com/advisories/30636
• http://secunia.com/advisories/30682
• http://www.opera.com/docs/changelogs/linux/950/#security
• http://www.opera.com/docs/changelogs/windows/950/#security
• http://www.opera.com/support/search/view/885
• http://www.securityfocus.com/bid/29684
• http://www.securitytracker.com/id?1020292
• http://www.vupen.com/english/advisories/2008/1812
• https://exchange.xforce.ibmcloud.com/

CWE-1021: Improper Restriction of Rendered UI Layers or Frames