CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5180
https://notcve.org/view.php?id=CVE-2012-5180
26 Dec 2012 — The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. La aplicación Opera Mobile v12.1 y anteriores y Opera Mini antes de v7.5 para Android no implementa correctamente la clase WebView, lo que permite a atacantes obtener información sensible a través de una aplicación diseñada para tal fin. • http://jvn.jp/en/jp/JVN27691264/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2010-5227 – Opera 10.61 - 'dwmapi.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-5227
07 Sep 2012 — Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en Opera anterior a v10.62 permite a usuarios locales obtener privilegios a través de un archivo dwmapi.dll caballo de troya en el di... • https://www.exploit-db.com/exploits/14732 •
CVSS: 7.5EPSS: 0%CPEs: 124EXPL: 0CVE-2012-4010 – Gentoo Linux Security Advisory 201209-11
https://notcve.org/view.php?id=CVE-2012-4010
30 Aug 2012 — Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660. Opera anterior a v11.60 permite a atacantes remotos suplantar la barra de direcciones a través de caracteres homógrafos no especificados, una vulnerabilidad diferente a CVE-2010-2660. Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. Versions less than 12.01.1532 are affected. • http://jvn.jp/en/jp/JVN69880570/index.html •
CVSS: 10.0EPSS: 0%CPEs: 48EXPL: 0CVE-2012-4145 – Gentoo Linux Security Advisory 201209-11
https://notcve.org/view.php?id=CVE-2012-4145
06 Aug 2012 — Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue." Vulnerabilidad no especificada en Opera anteriores a v12.01 en Windows y UNIX, y anteriores a v11.66 y 12.x anteriores a v12.01 en Mac OS X, tiene un impacto y vectores de ataque desconocidos, relacionado con una característica "low severity issue." Multiple vulnerabilities have been found in Opera, the worst of whi... • http://www.opera.com/docs/changelogs/mac/1166 •
CVSS: 6.1EPSS: 1%CPEs: 48EXPL: 0CVE-2012-4144 – Gentoo Linux Security Advisory 201209-11
https://notcve.org/view.php?id=CVE-2012-4144
06 Aug 2012 — Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. El navegador Opera anterior a v12,01 en Windows y UNIX, y anterior a v11.66, v12.x y v12.01 en Mac OS X, no se trata correctamente los caracteres de escape de los elementos DOM, lo que hace que sea más fácil para los atacantes remotos e... • http://www.opera.com/docs/changelogs/mac/1166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 160EXPL: 0CVE-2012-4146 – Gentoo Linux Security Advisory 201209-11
https://notcve.org/view.php?id=CVE-2012-4146
06 Aug 2012 — Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. El navegador Opera anterior a v12.01, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un sitio web diseñado, como lo demuestra el Lenovo "Comprar ahora" de la página. Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. Versions less th... • http://www.opera.com/docs/changelogs/mac/1201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2012-4142 – Gentoo Linux Security Advisory 201209-11
https://notcve.org/view.php?id=CVE-2012-4142
06 Aug 2012 — Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. Opera anterior a v12,01 en Windows y UNIX, y anterior a v11.66, v12.x y 12.01 en Mac OS X, hace caso omiso de algunos personajes en los documentos HTML en circunstancias no especificadas, lo que hace que sea más fácil para los atacante... • http://www.opera.com/docs/changelogs/mac/1166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0CVE-2012-4143 – Gentoo Linux Security Advisory 201209-11
https://notcve.org/view.php?id=CVE-2012-4143
06 Aug 2012 — Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. Opera anteriores a v12.01 en Windows y UNIX, y anteriores a v11.66 y v12.x anteriores a v12.01 en Mac OS X, permite a atacantes remotos asistidos por usuarios, a engañar a usuarios para que descarguen y ejecuten ficheros a través ... • http://www.opera.com/docs/changelogs/mac/1166 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 127EXPL: 0CVE-2012-3557 – Gentoo Linux Security Advisory 201206-03
https://notcve.org/view.php?id=CVE-2012-3557
14 Jun 2012 — Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site. Opera antes de v11.65 no restringe la correcta lectura de cadenas JSON, lo que permite realizar carga de recursos JSON a través de dominios y por lo tanto obtener información sensible a través de un sitio web especificamente diseñado para este fin. Multiple vulnerabilities have been fou... • http://www.opera.com/docs/changelogs/mac/1165 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 2%CPEs: 127EXPL: 0CVE-2012-3556 – Gentoo Linux Security Advisory 201206-03
https://notcve.org/view.php?id=CVE-2012-3556
14 Jun 2012 — Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site. Opera antes v11.65 no restringe adecuadamente la apertura de una ventana pop-up en respuesta al primer click de una acción de doble clic, lo que facilita a los atacantes remotos (con ayuda de usuario locales) al realizar ataq... • http://www.opera.com/docs/changelogs/mac/1165 • CWE-20: Improper Input Validation •