
CVE-2018-18913
https://notcve.org/view.php?id=CVE-2018-18913
21 Mar 2019 — Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed. Opera, en v... • https://blogs.opera.com/desktop/changelog-for-57 • CWE-426: Untrusted Search Path •

CVE-2009-2540
https://notcve.org/view.php?id=CVE-2009-2540
20 Jul 2009 — Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Opera, posiblemente v9.64 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un valor entero largo en la propiedad length de un objeto Select, está relacionada con CVE-2009-1692. • http://www.exploit-db.com/exploits/9160 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2009-2351
https://notcve.org/view.php?id=CVE-2009-2351
07 Jul 2009 — Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected. El navegador Opera versión 9.52 y versiones anteriores no bloquean javascript: URI en los encabezados de actualización en las res... • http://websecurity.com.ua/3275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-1234 – Opera 9.64 - 7400 nested elements XML Parsing Remote Crash
https://notcve.org/view.php?id=CVE-2009-1234
02 Apr 2009 — Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. Opera versión 9.64, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un documento XML que contiene una serie larga de etiquetas de inicio sin las etiquetas finales correspondientes. NOTA: más tarde se informó que la versión 9.5... • https://www.exploit-db.com/exploits/8320 • CWE-20: Improper Input Validation •

CVE-2009-0914
https://notcve.org/view.php?id=CVE-2009-0914
16 Mar 2009 — Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. Opera en versiones anteriores a v9.64 permite a atacantes remotos ejecutar código de su elección mediante una imagen JPEG manipulada que provoca una corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-399: Resource Management Errors •

CVE-2009-0915
https://notcve.org/view.php?id=CVE-2009-0915
16 Mar 2009 — Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. Opera en versiones anteriores a v9.64 permite a atacantes remotos dirigir ataques de ejecución de secuencias de comandos en dominios cruzados mediante vectores no especificados relacionados con sus extensiones. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-0916
https://notcve.org/view.php?id=CVE-2009-0916
16 Mar 2009 — Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no especificada en Opera versión anterior a v9.64 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo". • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html •

CVE-2008-5682
https://notcve.org/view.php?id=CVE-2008-5682
19 Dec 2008 — Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Opera en versiones anteriores a 9.63 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios a través de plantillas XSLT pre-instaladas. • http://osvdb.org/50951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-5683
https://notcve.org/view.php?id=CVE-2008-5683
19 Dec 2008 — Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. Una vulnerabilidad sin especificar en Opera 9.63 permite antes de atacantes remotos "revelar datos aleatorios" a través de vectores desconocidos. • http://secunia.com/advisories/34294 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2008-5680 – Opera 9.62 - 'file://' Local Heap Overflow
https://notcve.org/view.php?id=CVE-2008-5680
19 Dec 2008 — Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. Múltiples desbordamientos de búfer en versiones de Opera anteriores a la 9.63 podrían permitir (1) a atacantes remotos ejecutar código arbitrario a través de un textarea convenientemente modificada, o permitir (2) con ayuda de los usu... • https://www.exploit-db.com/exploits/7135 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •