4486 matches found
CVE-2011-4682
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites...
CVE-2019-13607
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL...
CVE-2012-6472
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a 1 cache file, 2 password file, or 3 configuration file, or 4 possibly gain privileges by modifying or overwriting a configuration file...
CVE-2012-6463
Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs...
CVE-2012-6462
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing CORS specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request...
CVE-2012-6460
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site...
CVE-2012-6461
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service...
CVE-2012-3557
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site...
CVE-2012-3556
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary code via a crafted web site...
CVE-2012-3555
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue...
CVE-2011-2637
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service application crash via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org...
CVE-2011-2641
Opera 11.11 allows remote attackers to cause a denial of service application crash by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value...
CVE-2011-2633
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service application crash via vectors involving a Certificate Revocation List CRL file, as demonstrated by the multicert-ca-02.crl file...
CVE-2011-2631
The Cascading Style Sheets CSS implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service infinite repaint loop and application hang via a web page, as demonstrated by an unspecified Wikipedia page...
CVE-2011-2630
Opera before 11.11 allows user-assisted remote attackers to cause a denial of service application crash via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension...
CVE-2011-2623
Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service application crash or hang via unknown vectors...
CVE-2011-2620
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors involving SVG animation...
CVE-2011-2624
Opera before 11.50 allows user-assisted remote attackers to cause a denial of service application hang via a large table, which is not properly handled during a print preview...
CVE-2011-2617
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements...
CVE-2011-2629
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service application crash via unknown content on a web page, as demonstrated by www.falk.de...