Lucene search

K
OperaOpera Browser

282 matches found

CVE
CVE
added 2011/07/01 10:55 a.m.44 views

CVE-2011-2629

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.44 views

CVE-2011-2638

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/09/06 7:55 p.m.44 views

CVE-2011-3388

Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security i...

4.3CVSS7.2AI score0.01018EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.44 views

CVE-2011-4683

Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.2AI score0.00539EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.44 views

CVE-2012-1928

Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.

6.4CVSS7.2AI score0.01662EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.44 views

CVE-2012-3558

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.

2.6CVSS7.1AI score0.00339EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.43 views

CVE-2003-1396

Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.

6.8CVSS8.2AI score0.0383EPSS
CVE
CVE
added 2005/08/01 4:0 a.m.43 views

CVE-2005-2405

Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.

5CVSS6.9AI score0.01336EPSS
CVE
CVE
added 2006/07/06 1:5 a.m.43 views

CVE-2006-3353

Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.

5CVSS6.9AI score0.11046EPSS
CVE
CVE
added 2007/05/22 7:30 p.m.43 views

CVE-2007-2809

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.

9.3CVSS7.8AI score0.07149EPSS
CVE
CVE
added 2007/07/17 1:30 a.m.43 views

CVE-2007-3819

Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

5CVSS6.3AI score0.00904EPSS
CVE
CVE
added 2007/09/18 7:17 p.m.43 views

CVE-2007-4944

The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.

5CVSS6AI score0.0053EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.43 views

CVE-2009-2577

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.

5CVSS6.5AI score0.14161EPSS
CVE
CVE
added 2010/05/20 5:30 p.m.43 views

CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.

5CVSS7.1AI score0.00746EPSS
CVE
CVE
added 2010/06/25 7:30 p.m.43 views

CVE-2010-2455

Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.

4.3CVSS7.3AI score0.00477EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.43 views

CVE-2010-2666

Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations...

9.3CVSS7.5AI score0.04056EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-1337

Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.

4.3CVSS7.2AI score0.02017EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-2610

Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.2AI score0.00533EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-2612

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-2615

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2012/08/30 5:55 p.m.43 views

CVE-2012-4010

Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.

5CVSS6.5AI score0.01003EPSS
CVE
CVE
added 2013/09/13 2:10 p.m.43 views

CVE-2013-4705

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

4.3CVSS5.8AI score0.00254EPSS
CVE
CVE
added 2017/04/21 2:59 a.m.43 views

CVE-2016-4075

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.

6.1CVSS6AI score0.00298EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.42 views

CVE-2004-1615

Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.

2.6CVSS6.8AI score0.01569EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.42 views

CVE-2005-0235

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5CVSS9.3AI score0.00642EPSS
CVE
CVE
added 2007/10/08 11:17 p.m.42 views

CVE-2007-5276

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

4.3CVSS6.6AI score0.00243EPSS
CVE
CVE
added 2008/09/27 10:30 a.m.42 views

CVE-2008-4198

Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.

5CVSS8.5AI score0.00957EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.42 views

CVE-2009-3266

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed...

4.3CVSS5.4AI score0.00795EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.42 views

CVE-2010-2664

Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.

4.3CVSS7.2AI score0.00686EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.42 views

CVE-2011-0685

The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.

2.1CVSS7.2AI score0.0007EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2620

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.

5CVSS7AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2634

Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.

5CVSS7.3AI score0.00274EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2636

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2639

Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.

5CVSS7.2AI score0.00535EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.42 views

CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5CVSS6.5AI score0.0023EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.42 views

CVE-2012-1927

Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.

6.4CVSS7.2AI score0.01662EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3557

Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.

5CVSS7.1AI score0.00377EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3561

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.

10CVSS7.9AI score0.10215EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3565

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."

5CVSS6.6AI score0.00474EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.42 views

CVE-2012-4144

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.

4.3CVSS5.4AI score0.01007EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.41 views

CVE-2003-1388

Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.

9.3CVSS7.3AI score0.02331EPSS
CVE
CVE
added 2007/02/26 11:28 p.m.41 views

CVE-2007-1115

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

4.3CVSS5.6AI score0.00799EPSS
CVE
CVE
added 2007/07/21 12:30 a.m.41 views

CVE-2007-3929

Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

9.3CVSS7.2AI score0.06449EPSS
CVE
CVE
added 2008/06/16 10:41 p.m.41 views

CVE-2008-2716

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.

5CVSS6.3AI score0.00915EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.41 views

CVE-2008-4697

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3CVSS7.9AI score0.00787EPSS
CVE
CVE
added 2009/08/31 4:30 p.m.41 views

CVE-2009-3013

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a d...

4.3CVSS6.8AI score0.00276EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.41 views

CVE-2009-3049

Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.

5CVSS7.3AI score0.006EPSS
CVE
CVE
added 2010/05/06 2:53 p.m.41 views

CVE-2010-1728

Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infin...

9.3CVSS7.7AI score0.14796EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.41 views

CVE-2010-4045

Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to int...

9.3CVSS6.4AI score0.04521EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.41 views

CVE-2010-4049

Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.

4.3CVSS6.4AI score0.00686EPSS
Total number of security vulnerabilities282