
CVSS: 9.3 • EPSS: 1% • CPEs: 2 • EXPL: 0

Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. • http://www.opera.com/blogs/security/2016/02/opera-12-and-opera-mail-security-update http://www.securityfocus.com/bid/91507 • CWE-284: Improper Access Control

CVSS: 4.3 • EPSS: 97% • CPEs: 42 • EXPL: 0

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. • http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 http://kb.juniper.net/InfoC • CWE-310: Cryptographic Issues • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 4.3 • EPSS: 0% • CPEs: 64 • EXPL: 0

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. • http://blogs.opera.com/security/2014/01/security-changes-features-opera-19

CVSS: 4.3 • EPSS: 0% • CPEs: 63 • EXPL: 0

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies. • http://blogs.opera.com/security/2014/01/security-changes-features-opera-19 http://jvn.jp/en/jp/JVN23256725/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000014 http://www.securityfocus.com/bid/65391 https://exchange.xforce.ibmcloud.com/vulnerabilities/91090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 174 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. • http://jvn.jp/en/jp/JVN01094166/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000086 http://www.opera.com/docs/changelogs/unified/1500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')