CVE-2007-6523
https://notcve.org/view.php?id=CVE-2007-6523
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. Vulnerabilidad de complejidad algorítmica en Opera 9.50 beta y 9.x anterior a 9.25 permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante un archivo bitmap (BMP) manipulado que dispara un gran número de cálculos y comprobaciones. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28314 http://securityreason.com/securityalert/3482 http://www.securityfocus.com/archive/1/484605/100/200/threaded http://www.securityfocus.com/bid/26721 http://www.vupen.com/english/advisories/2007/4261 • CWE-189: Numeric Errors CWE-399: Resource Management Errors •
CVE-2007-6524
https://notcve.org/view.php?id=CVE-2007-6524
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. Opera versiones anteriores a 9.25, permite a los atacantes remotos obtener contenido de memoria potencialmente confidencial por medio de un archivo de mapa de bits diseñado (BMP), como es demostrado usando un elemento CANVAS y JavaScript en un documento HTML para copiar estos contenidos desde versión 9.50 beta, un problema relacionado con CVE-2008-0420. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://osvdb.org/42691 http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://securitytracker.com/id?1019435 http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.opera.com/support/sear • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-6521
https://notcve.org/view.php?id=CVE-2007-6521
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. Vulnerabilidad no especificada en Opera anterior a 9.25 permite a atacantes remotos ejecutar código de su elección a través de certificados TLS manipulados. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.securityfocus.com/bid/26937 http://www.securitytracker.com/id?1019131 http://www.vup • CWE-310: Cryptographic Issues •
CVE-2007-5540
https://notcve.org/view.php?id=CVE-2007-5540
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. Vulnerabilidad no especificada en Opera anterior a 9.24 permite a atacantes remotos sobrescribir funciones en páginas de otros dominios y evitar la política de mismo-origen (same-origin) a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=196164 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://osvdb.org/38127 http://secunia.com/advisories/27277 http://secunia.com/advisories/27399 http://secunia.com/advisories/27431 http://security.gentoo.org/glsa/glsa-200710-31.xml http://www.opera.com/support/search/view/867 http://www.securityfocus.com/bid/26102 http://www.vupen.com/english/advisories/2007/3529 • CWE-20: Improper Input Validation •
CVE-2007-5541
https://notcve.org/view.php?id=CVE-2007-5541
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en Opera anterior a 9.24, cuando se usa un cliente "externo" de grupos de noticias o correo electrónico, permite a atacantes remotos ejecutar comandos de su elección a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=196164 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://osvdb.org/38126 http://secunia.com/advisories/27277 http://secunia.com/advisories/27399 http://secunia.com/advisories/27431 http://security.gentoo.org/glsa/glsa-200710-31.xml http://www.opera.com/support/search/view/866 http://www.securityfocus.com/bid/26100 http://www.vupen.com/english/advisories/2007/3529 https://exchange.xforce.ibmcloud.c • CWE-20: Improper Input Validation •