Lucene search

K
OperaOpera Browser

282 matches found

CVE
CVE
added 2013/01/02 11:46 a.m.52 views

CVE-2012-6470

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

9.3CVSS7.8AI score0.36411EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.52 views

CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

5CVSS6.4AI score0.00243EPSS
CVE
CVE
added 2007/10/20 10:0 a.m.51 views

CVE-2003-1420

Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.

4.3CVSS5.7AI score0.00441EPSS
CVE
CVE
added 2004/07/07 4:0 a.m.51 views

CVE-2004-0473

Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" opti...

2.6CVSS7AI score0.01138EPSS
CVE
CVE
added 2006/04/29 10:0 a.m.51 views

CVE-2004-2659

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. ...

4CVSS7AI score0.01113EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.51 views

CVE-2005-0457

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory.

7.2CVSS6.6AI score0.0004EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.51 views

CVE-2005-2273

Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

2.6CVSS6.5AI score0.00335EPSS
CVE
CVE
added 2007/10/18 12:17 a.m.51 views

CVE-2007-5476

Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

10CVSS9.4AI score0.20643EPSS
CVE
CVE
added 2007/12/24 8:46 p.m.51 views

CVE-2007-6520

Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.

4.3CVSS5.9AI score0.00723EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.51 views

CVE-2009-3044

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitima...

5CVSS7.1AI score0.00327EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.51 views

CVE-2012-3556

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.

9.3CVSS6.9AI score0.02869EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.51 views

CVE-2012-4145

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."

10CVSS6.3AI score0.00406EPSS
CVE
CVE
added 2016/09/06 10:59 a.m.51 views

CVE-2016-7153

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

5.3CVSS4.9AI score0.03915EPSS
CVE
CVE
added 2004/07/27 4:0 a.m.50 views

CVE-2004-0717

Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

7.5CVSS6.4AI score0.00618EPSS
CVE
CVE
added 2008/12/19 4:30 p.m.50 views

CVE-2008-5680

Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.

9.3CVSS7.3AI score0.45354EPSS
CVE
CVE
added 2008/12/19 4:30 p.m.50 views

CVE-2008-5681

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.

4.3CVSS6.5AI score0.00357EPSS
CVE
CVE
added 2009/03/16 7:30 p.m.50 views

CVE-2009-0914

Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.

9.3CVSS7.7AI score0.10244EPSS
CVE
CVE
added 2009/05/11 3:30 p.m.50 views

CVE-2009-1599

Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web...

9.3CVSS6.6AI score0.00242EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.50 views

CVE-2009-3047

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.

4.3CVSS7.3AI score0.006EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.50 views

CVE-2010-4586

The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.

10CVSS7.5AI score0.00484EPSS
CVE
CVE
added 2011/05/10 6:55 p.m.50 views

CVE-2011-1824

The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or pos...

4.3CVSS7.8AI score0.07855EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.50 views

CVE-2011-4685

Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.

5CVSS6.5AI score0.00862EPSS
CVE
CVE
added 2004/04/15 4:0 a.m.49 views

CVE-2003-0593

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same ser...

7.5CVSS6.7AI score0.00146EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.49 views

CVE-2004-0872

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

5CVSS6.6AI score0.01144EPSS
CVE
CVE
added 2007/12/24 8:46 p.m.49 views

CVE-2007-6522

The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.

4.3CVSS5.9AI score0.01361EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.49 views

CVE-2009-3046

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

7.5CVSS7.3AI score0.00143EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.49 views

CVE-2010-0653

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

4.3CVSS7AI score0.00455EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.49 views

CVE-2010-4050

Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.

4.3CVSS6.5AI score0.00686EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.49 views

CVE-2010-4584

Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site.

2.6CVSS7.1AI score0.00177EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2617

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.

5CVSS7AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.

5CVSS7AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2631

The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2637

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.49 views

CVE-2011-4687

Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.

5CVSS6.5AI score0.00756EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.49 views

CVE-2012-1925

Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.

6.8CVSS7.3AI score0.01556EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.49 views

CVE-2012-6461

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.

5CVSS6.4AI score0.00131EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.49 views

CVE-2012-6468

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.

9.3CVSS8.1AI score0.08063EPSS
CVE
CVE
added 2007/01/09 2:28 a.m.48 views

CVE-2007-0126

Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.

9.3CVSS7.7AI score0.1447EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.48 views

CVE-2009-3048

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."

4.3CVSS7.3AI score0.00417EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.48 views

CVE-2010-4044

Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.

4.3CVSS6.5AI score0.00735EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.48 views

CVE-2011-0684

Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, v...

5CVSS7.2AI score0.00834EPSS
CVE
CVE
added 2013/04/19 11:44 a.m.48 views

CVE-2013-3211

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS6.4AI score0.00423EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.47 views

CVE-2003-1387

Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.

7.5CVSS8AI score0.09985EPSS
CVE
CVE
added 2007/04/25 8:19 p.m.47 views

CVE-2007-2274

The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.

7.8CVSS6.4AI score0.0669EPSS
CVE
CVE
added 2007/12/24 8:46 p.m.47 views

CVE-2007-6524

Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.

7.8CVSS5.9AI score0.02102EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.47 views

CVE-2008-4725

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of the...

4.3CVSS5.5AI score0.62121EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.47 views

CVE-2009-3045

Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.

5CVSS7.1AI score0.0025EPSS
CVE
CVE
added 2009/10/30 8:30 p.m.47 views

CVE-2009-3831

Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.

9.3CVSS7.9AI score0.0734EPSS
CVE
CVE
added 2010/04/08 5:30 p.m.47 views

CVE-2010-1310

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.

5CVSS6.3AI score0.00307EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.47 views

CVE-2010-4048

Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.

4.3CVSS6.4AI score0.00371EPSS
Total number of security vulnerabilities282