CVSS: 6.8EPSS: 1%CPEs: 76EXPL: 0CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://secunia.com/advisories/24877 http://secunia.com/advisories/25027 http://secunia.com/advisories/25432 http://secunia.com/advisories/25662 http://secunia.com/advisories/25669 http://secunia.com/advisories/25894 http://secunia.com/advisories/25933 http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/26860 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0CVE-2007-1115
https://notcve.org/view.php?id=CVE-2007-1115
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. Los marcos secundarios en Opera 9 antes de la versión 9.20 heredan el conjunto de caracteres por defecto de la ventana principal cuando no se especifica un conjunto de caracteres en un encabezado de tipo de contenido HTTP o etiqueta META, lo que permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS), como se demuestra utilizando el conjunto de caracteres UTF-7. • http://osvdb.org/32118 http://secunia.com/advisories/24312 http://secunia.com/advisories/25027 http://www.hardened-php.net/advisory_032007.142.html http://www.novell.com/linux/security/advisories/2007_28_opera.html http://www.opera.com/support/search/view/855 http://www.securityfocus.com/archive/1/461076/100/0/threaded http://www.securityfocus.com/bid/22701 http://www.securitytracker.com/id?1017909 http://www.vupen.com/english/advisories/2007/0745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1CVE-2006-6955
https://notcve.org/view.php?id=CVE-2006-6955
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. Opera permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) mediante una página web que contiene un gran número de etiquetas de marquesina anidadas, un problema relacionado con CVE-2006-2723. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0085.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26898 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 16%CPEs: 94EXPL: 0CVE-2007-0127
https://notcve.org/view.php?id=CVE-2007-0127
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. El soporte para Javascript SVG en Opera anterior a 9.10 no valida adecuadamente los tipos de objeto en una petición createSVGTransformFromMatrix, lo cual permite a atacantes remotos ejecutar código de su elección mediante código JavaScript que utiliza un objeto inválido en esta petición que provoca que un puntero controlado sea referenciado durante la llamada a la función virtual. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html http://osvdb.org/31575 http://secunia.com/advisories/23613 http://secunia.com/advisories/23739 http://secunia.com/advisories/23771 http://securitytracker.com/id?1017473 http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml http://www.opera.com/support/search/supsearch.dml?index=851 http://www.vupen.com/english/advisories/2007/0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 29%CPEs: 2EXPL: 0CVE-2006-4819
https://notcve.org/view.php?id=CVE-2006-4819
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). Desbordamiento de búfer basado en montículo en Opera 9.0 y 9.01 permite a atacantes remotos ejecutar código de su elección mediante una URL larga en una etiqueta (dirección de enlace larga). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424 http://secunia.com/advisories/22218 http://secunia.com/advisories/22509 http://securitytracker.com/id?1017080 http://www.kb.cert.org/vuls/id/484380 http://www.novell.com/linux/security/advisories/2006_61_opera.html http://www.opera.com/support/search/supsearch.dml?index=848 http://www.securityfocus.com/bid/20591 http://www.vupen.com/english/advisories/2006/4066 https://exchange.xforce.ibmcloud.com/vulnerabi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •