Lucene search
K
OperaOpera Browser

282 matches found

CVE
CVE
added 2015/05/21 12:0 a.m.1249 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

4.3CVSS4.8AI score0.9986EPSS
In wild
CVE
CVE
added 2011/09/06 7:0 p.m.770 views

CVE-2011-3389

CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...

4.3CVSS6.5AI score0.73327EPSS
CVE
CVE
added 2019/03/21 9:6 p.m.135 views

CVE-2018-18913

Opera before 57.0.3098.106 is affected by a DLL Search Order Hijacking vulnerability (CVE-2018-18913). An attacker can craft a ZIP containing an HTML page and a malicious DLL; when the document is opened, Opera searches for shcore.dll and dcomp.dll in the system directory, enabling the attacker t...

7.8CVSS7.5AI score0.00402EPSS
CVE
CVE
added 2016/09/06 10:0 a.m.105 views

CVE-2016-7153

CVE-2016-7153 describes a vulnerability in the HTTP/2 protocol where the TCP congestion window is not considered when determining content length, potentially enabling an attacker to obtain cleartext data by leveraging a web browser configuration that sends third‑party cookies (HEIST). The connect...

5.3CVSS4.9AI score0.13983EPSS
CVE
CVE
added 2012/03/28 1:0 a.m.98 views

CVE-2012-1926

CVE-2012-1926 affects the Opera web browser prior to 11.62. The issue arises when using the History API (history.pushState/history.replaceState) in conjunction with cross-domain frames, bypassing the Same Origin Policy and enabling unintended read access to history.state. The vulnerability is doc...

5CVSS7.2AI score0.02557EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.97 views

CVE-2005-0233

The CVE-2005-0233 entry describes an IDN spoofing vulnerability in Mozilla/Firefox-related products: IDN support in Firefox 1.0, Camino 0.8.5, and Mozilla before 1.7.6 decodes punycode-encoded domain names in URLs and SSL certificates in a way that can render homograph characters from other scrip...

7.5CVSS6.2AI score0.20398EPSS
CVE
CVE
added 2005/11/22 7:0 p.m.90 views

CVE-2005-3750

CVE-2005-3750 affects Opera before 8.51 on Linux/Unix. A remote attacker can execute arbitrary code by supplying a URL containing shell metacharacters (backticks) in a command-line argument used to launch Opera, enabling code execution without user interaction. The vulnerability score is CVSS v2 ...

7.5CVSS7.6AI score0.06357EPSS
CVE
CVE
added 2005/11/21 11:0 a.m.82 views

CVE-2005-3699

CVE-2005-3699 affects Opera Web Browser 8.50 and 8.0–8.0.2. The issue allows remote attackers to spoof the URL shown in the status bar by manipulating the title of an image link within a form to a trusted site, directing users to a malicious site. Public details describe that the exploit involves...

5CVSS6.5AI score0.0167EPSS
CVE
CVE
added 2006/04/19 4:0 p.m.77 views

CVE-2006-1834

Opera before 8.54 is affected by a vulnerability caused by an integer signedness error in the handling of long values in a stylesheet attribute, which can bypass a length check and potentially allow remote code execution. This is documented in multiple sources associated with CVE-2006-1834, inclu...

5.1CVSS7.5AI score0.12074EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.77 views

CVE-2008-7297

Opera browsers (Windows, macOS, Linux) are affected by CVE-2008-7297. The issue allows an attacker in a TLS-stripped or HTTP context to overwrite or delete cookies via a Set-Cookie header due to improper enforcement of HTTPS-only cookies, related to missing HSTS includeSubDomains. The vulnerabili...

5.8CVSS6.5AI score0.01005EPSS
CVE
CVE
added 2005/02/17 5:0 a.m.76 views

CVE-2004-1489

Opera 7.54 and earlier versions expose an applet’s access to Sun Java internal packages, allowing remote attackers to read sensitive information such as user names and installation directory. Multiple connected sources corroborate the issue and the affected package is Opera (desktop/browser). The...

2.6CVSS6.6AI score0.02014EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.76 views

CVE-2005-0238

CVE-2005-0238 concerns the International Domain Name (IDN) support in Epiphany, where punycode-encoded domain names decoded in URLs and SSL certificates can be interpreted using homograph characters from other scripts. This enables remote attackers to spoof legitimate domain names and facilitates...

5CVSS6.6AI score0.01552EPSS
CVE
CVE
added 2013/02/08 11:0 a.m.76 views

CVE-2013-1638

Opera before 12.13 is affected by CVE-2013-1638, allowing remote code execution via crafted SVG clipPaths. The connected advisories confirm the vulnerability in Opera and advise upgrading to a version containing the fix (e.g., Opera 12.13+). Remediation: upgrade to the latest Opera package that i...

9.3CVSS7.6AI score0.08036EPSS
CVE
CVE
added 2004/12/10 5:0 a.m.75 views

CVE-2004-1157

CVE-2004-1157 affects Opera 7.x up to 7.54 (and possibly other versions). The issue allows remote spoofing of arbitrary websites by injecting content from one window into a target window that has a known name but resides in a different domain (a window-injection vulnerability). The impact is cont...

7.5CVSS6.5AI score0.02497EPSS
CVE
CVE
added 2009/04/02 5:0 p.m.75 views

CVE-2009-1234

CVE-2009-1234 affects Opera 9.64 (and noted for 9.52) where an XML document containing a long sequence of start-tags with no matching end-tags can cause a remote denial of service (application crash). The connected advisories confirm this vulnerability in Opera and link it to multiple vendor upda...

4.3CVSS7.1AI score0.07199EPSS
CVE
CVE
added 2013/02/08 7:0 p.m.75 views

CVE-2013-1618

Technical details specific to CVE-2013-1618 are not publicly provided in the supplied documents; related entries cite timing-side-channel issues linked to CVE-2013-0169 but do not detail this CVE.

4CVSS6.8AI score0.02157EPSS
CVE
CVE
added 2005/07/28 4:0 a.m.74 views

CVE-2005-2407

Opera prior to 10.61 is affected by a design/implementation flaw where a malicious window can overlay a download dialog, enabling user‑assisted code execution via link hijacking or clickjacking. The issue is explicitly linked as related to CVE‑2005‑2407 and described in connected records as affec...

5.1CVSS7.3AI score0.02721EPSS
CVE
CVE
added 2006/10/17 9:0 p.m.74 views

CVE-2006-4819

CVE-2006-4819 describes a heap-based buffer overflow in Opera 9.0 and 9.01 caused by parsing a URL within a tag. The overflow can allow remote code execution when a user visits a malicious page containing a specially crafted long URL in a tag (e.g., long link address). Public sources cite that Op...

5.1CVSS7.8AI score0.04724EPSS
CVE
CVE
added 2009/09/18 10:0 p.m.74 views

CVE-2009-3269

Affected software: Opera 9.52 and earlier. Vulnerability: remote attackers can cause a denial of service (CPU consumption) through a series of automatic submissions of a form containing a KEYGEN element. This is the described impact. Root cause / context: the issue is linked to CVE-2009-1828 in r...

5CVSS6.5AI score0.02152EPSS
CVE
CVE
added 2003/10/21 4:0 a.m.73 views

CVE-2003-0870

CVE-2003-0870 affects Opera 7.11 and 7.20 where rendering certain HREFs causes a heap-based buffer overflow, allowing remote code execution via an escaped server name. Exploitation would require a user opening a crafted page or email containing the malformed HREF, potentially compromising the hos...

7.5CVSS8AI score0.15064EPSS
CVE
CVE
added 2005/11/22 2:0 a.m.72 views

CVE-2004-2570

CVE-2004-2570 affects Opera prior to 7.54. The vulnerability allows remote attackers to modify properties and methods of the browser’s location object and execute JavaScript to read arbitrary files from the client’s local filesystem or to display a spoofed/false URL. This cross-domain scripting-l...

5CVSS6.6AI score0.02989EPSS
CVE
CVE
added 2009/06/15 7:0 p.m.72 views

CVE-2009-2070

CVE-2009-2070 describes a vulnerability in Opera where a proxy’s 4xx/5xx CONNECT responses trigger the browser to accept a forged certificate from the proxy in a single request, enabling a man‑in‑the‑middle attack. An attacker could then send a crafted 502 response on a subsequent request to spoo...

6.8CVSS7.1AI score0.00839EPSS
CVE
CVE
added 2009/07/07 11:0 p.m.72 views

CVE-2009-2351

CVE-2009-1312 is referenced in MiracleLinux AXSA advisories as a vulnerability in Mozilla Firefox and SeaMonkey where javascript: URIs in Refresh headers in HTTP responses were not blocked. Affected versions include Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17; this could enable cross...

4.3CVSS5.9AI score0.01709EPSS
CVE
CVE
added 2011/07/01 10:0 a.m.72 views

CVE-2011-2641

CVE-2011-2641 affects Opera 11.11, where remote attackers can crash the app by manipulating the FONT element’s FACE attribute inside an IFRAME after setting the IFRAME SRC to about:blank. This vulnerability enables a Denial of Service and is documented with an exploit reference (exploit-db). Publ...

5CVSS7.2AI score0.05445EPSS
CVE
CVE
added 2004/05/20 4:0 a.m.71 views

CVE-2004-0473

Opera before 7.50 has an argument injection in its telnet URI handler: leading '-' in the telnet host name is not filtered, allowing remote attackers to pass options to the telnet program and overwrite files. The Gentoo GLSA and related advisories describe two concrete outcomes: creation or trunc...

2.6CVSS7AI score0.02451EPSS
CVE
CVE
added 2009/03/16 7:0 p.m.71 views

CVE-2009-0915

CVE-2009-0915 affects Opera Web Browser prior to version 9.64, enabling remote cross-domain scripting via plug-ins. The linked SUSE/OpenVAS entries confirm Opera 9.64 as the remediation path and reference related CVEs (CVE-2009-0914, -0915, -0916). Affected component: Opera browser core with plug...

6.8CVSS7AI score0.02923EPSS
CVE
CVE
added 2010/08/16 6:25 p.m.71 views

CVE-2010-2576

CVE-2010-2576 (Opera) affects Opera pre-10.61. The issue arises because download dialogs that become visible after a tab change are not properly suppressed, enabling a clickjacking vector. A remote attacker could exploit this to trigger arbitrary code execution via vectors involving (1) closing a...

6.8CVSS7.6AI score0.03356EPSS
CVE
CVE
added 2010/08/16 6:25 p.m.71 views

CVE-2010-3021

Opera before 10.61 is affected by an unspecified vulnerability that can be exploited remotely to cause a denial of service (CPU consumption and application hang) via an animated PNG image. The issue is documented across multiple advisories (CVE-2010-3021). Impact is limited to the vulnerability c...

4.3CVSS7.1AI score0.0187EPSS
CVE
CVE
added 2005/06/16 4:0 a.m.70 views

CVE-2005-1669

CVE-2005-1669 affects Opera 8.0 Final Build 1095. It is a cross-site scripting vulnerability where malicious javascript: URLs opened in a new window or frame allow remote script execution and potential unauthorized actions on other domains. Public references indicate Opera was updated to 8.01 to ...

6.8CVSS5.7AI score0.01845EPSS
CVE
CVE
added 2013/01/02 11:0 a.m.70 views

CVE-2012-6466

CVE-2012-6466 affects Opera before 12.10, where improper handling of incorrect size data in a WebP image can cause a crafted image used as a fill pattern for a canvas to disclose potentially sensitive information from the process memory. The vulnerability enables memory information disclosure via...

5CVSS6AI score0.01667EPSS
CVE
CVE
added 2005/09/26 4:0 a.m.69 views

CVE-2005-3059

CVE-2005-3059 affects Opera 8.50 on Linux and Windows. The vulnerabilities are described as multiple unspecified issues tied to (1) handling of the must-revalidate cache directive for HTTPS pages and (2) a cookie comment encoding display issue. The connected documents do not provide concrete expl...

10CVSS7.3AI score0.02237EPSS
CVE
CVE
added 2007/04/13 6:0 p.m.69 views

CVE-2007-2022

CVE-2007-2022 describes a vulnerability in Adobe Flash Player used with Linux browsers (Opera < 9.20 or Konqueror

6.8CVSS5.9AI score0.04924EPSS
CVE
CVE
added 2009/07/20 6:0 p.m.69 views

CVE-2009-2540

CVE-2009-2540 concerns Opera Web Browser (likely 9.64 and earlier) where a crafted HTML Select element with a large length value can trigger memory consumption, causing a denial of service. This is described as a related issue to CVE-2009-1692. Connected sources (OpenVAS entries) validate the ass...

4.3CVSS6.5AI score0.03052EPSS
CVE
CVE
added 2017/01/26 3:0 p.m.69 views

CVE-2016-6908

CVE-2016-6908 : In Opera for Android (version 37.0.2192.105088), mishandling of certain Unicode characters (e.g., U+FE70, U+0622, U+0623) can cause URLs to render in RTL order when combined with the first strong character (often an alphabetic character). This can enable address-bar display spoofi...

6.1CVSS6.2AI score0.00707EPSS
CVE
CVE
added 2007/03/10 12:0 a.m.68 views

CVE-2007-1377

CVE-2007-1377 affects Adobe Reader's AcroPDF.DLL when loaded from browsers (e.g., Firefox/Netscape/Opera). A remote adversary can trigger a denial of service by passing a PDF URL whose anchor starts with search= followed by a long sequence of %n characters, causing resource exhaustion (DoS). This...

5CVSS6.3AI score0.19612EPSS
CVE
CVE
added 2010/04/12 6:0 p.m.68 views

CVE-2010-1349

Opera 10.10–10.50 contains a Content-Length header handling bug that can trigger a heap overflow, enabling remote code execution. Multiple connected advisories confirm a buffer/heap overflow vulnerability in Opera related to processing HTTP server replies and Content-Length values. Affected versi...

10CVSS7.8AI score0.19792EPSS
CVE
CVE
added 2010/05/20 5:0 p.m.68 views

CVE-2010-1989

CVE-2010-1989 affects Opera 9.52, where an IMG element with SRC redirecting to a mailto: URL can trigger the external mail handler and exhaustively launch applications, causing denial of service via pages with many images. Root cause: image tag redirect to mailto. No remediation details are provi...

5CVSS7.4AI score0.02255EPSS
CVE
CVE
added 2011/07/01 10:0 a.m.68 views

CVE-2011-2611

CVE-2011-2611 affects Opera browser prior to 11.50, with an unspecified vulnerability in the printing functionality that could be triggered by a crafted web page to cause application crash (DoS). Multiple vendor advisories confirm the issue and note that Opera 11.50 fixes address it. Remediation ...

4.3CVSS7AI score0.01418EPSS
CVE
CVE
added 2012/06/14 7:0 p.m.68 views

CVE-2012-3555

CVE-2012-3555 affects Opera before 11.65, where keyboard sequences may not be tied to a visible window, enabling user‑assisted remote attackers to perform cross‑site scripting or execute arbitrary code via a crafted page (hidden keyboard navigation). The OpenVAS and vendor notes corroborate Opera...

7.6CVSS6.9AI score0.03782EPSS
CVE
CVE
added 2006/06/23 8:0 p.m.67 views

CVE-2006-3198

CVE-2006-3198 affects Opera 8.54 and earlier. An integer overflow in JPEG handling may cause memory under-allocation, leading to a buffer overflow and possible arbitrary code execution. Public docs indicate upgrading to Opera 9.0 or newer as the remediation.

7.5CVSS7.7AI score0.0569EPSS
CVE
CVE
added 2006/06/23 8:0 p.m.67 views

CVE-2006-3199

The entries describe a vulnerability in Opera 9 where remote attackers can cause a denial of service (crash) by crafting an A tag href containing a URL with a long hostname, triggering an out-of-bounds operation. Affected software: Opera 9 (web rendering/input handling related to HTML anchor href...

5CVSS7AI score0.14338EPSS
CVE
CVE
added 2010/02/18 5:19 p.m.67 views

CVE-2010-0653

Opera before 10.10 allowed cross-origin loading of CSS stylesheets even when MIME type was incorrect and the stylesheet document malformed, enabling remote attackers to obtain sensitive information via a crafted document. The issue is confirmed across multiple sources: SUSE Gentoo GLSA references...

4.3CVSS7AI score0.01829EPSS
CVE
CVE
added 2010/10/21 6:12 p.m.67 views

CVE-2010-4044

CVE-2010-4044 affects Opera Browser prior to 10.63. The vulnerability allows spoofing the address bar by resizing the window, causing the visible URL to omit the true beginning of the address, which could mislead users about the site they are visiting. The OpenVAS entries label this as multiple v...

4.3CVSS6.5AI score0.01952EPSS
CVE
CVE
added 2013/04/19 10:0 a.m.67 views

CVE-2013-3211

CVE-2013-3211 is linked to Opera before 12.15. The connected OpenVAS entries describe Opera as prone to multiple vulnerabilities (Linux/Windows/macOS), with a CVSS v2 base score of 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C). The NVD entry characterizes the vulnerability as unspecified with unknown impact ...

10CVSS6.4AI score0.01726EPSS
CVE
CVE
added 2005/02/17 5:0 a.m.66 views

CVE-2004-1491

CVE-2004-1491 affects Opera 7.54 and earlier. The vulnerability arises because Opera uses kfmclient exec to handle unknown MIME types, allowing a remote attacker to execute arbitrary code via a shortcut or launcher containing an Exec entry. Public documents confirm this as a real issue across mul...

5CVSS7.5AI score0.12559EPSS
CVE
CVE
added 2007/12/24 8:0 p.m.66 views

CVE-2007-6520

Opera before 9.25 contains multiple vulnerabilities (CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6524) that enable cross-domain scripting via plug-ins, TLS certificate handling that could allow arbitrary code execution, and memory disclosure through BMP/file handling. The issues affect ...

4.3CVSS5.9AI score0.01597EPSS
CVE
CVE
added 2009/05/11 3:19 p.m.66 views

CVE-2009-1599

Summary: CVE-2009-1599 concerns a PDF-related JavaScript security bypass in Opera. The vulnerability arises when a javascript: URI is executed from the target attribute of a submit button inside a form contained in an inline PDF, potentially bypassing Adobe Acrobat JavaScript restrictions on acce...

9.3CVSS6.6AI score0.01717EPSS
CVE
CVE
added 2009/06/15 7:0 p.m.66 views

CVE-2009-2067

The CVE-2009-2067 issue affects Opera browser. The vulnerability arises when an https page loads an http iframe referencing http content, allowing a MITM to inject arbitrary script within an https site context. This is tied to the HTTP-Intended-but-HTTPS-Loadable (HPIHSL) scenario and could enabl...

6.8CVSS7.3AI score0.01369EPSS
CVE
CVE
added 2010/07/07 6:0 p.m.66 views

CVE-2010-2657

Opera versions older than 10.60 for Windows and macOS are affected by a vulnerability where certain double‑click actions on a web page can bypass the Open/Save dialog and lead to arbitrary code execution with user assistance. The issue is documented as CVE-2010-2657. The public details indicate t...

9.3CVSS7.8AI score0.03902EPSS
CVE
CVE
added 2012/06/14 7:0 p.m.66 views

CVE-2012-3556

CVE-2012-3556 affects Opera before 11.65. A UI handling flaw allows opening a pop-up in response to the first click of a double-click action, enabling user-assisted remote XSS or arbitrary code execution via a crafted website. Affected: Opera desktop builds prior to 11.65 (per Red Hat advisory). ...

9.3CVSS6.9AI score0.03701EPSS
Total number of security vulnerabilities282