Lucene search

K
OperaOpera Browser

282 matches found

CVE
CVE
added 2011/01/31 8:0 p.m.41 views

CVE-2011-0450

The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.

7.6CVSS7.3AI score0.03799EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2613

The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2623

Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2625

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2626

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.41 views

CVE-2012-3563

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.

5CVSS6.6AI score0.00436EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.41 views

CVE-2012-3566

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.

4.3CVSS6.7AI score0.00443EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.41 views

CVE-2012-6463

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.

4.3CVSS5.6AI score0.00263EPSS
CVE
CVE
added 2014/02/06 10:55 p.m.41 views

CVE-2014-0815

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

4.3CVSS6.1AI score0.00375EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.40 views

CVE-2004-1201

Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

5CVSS7.2AI score0.01775EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.40 views

CVE-2004-1810

The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array.

5CVSS6.6AI score0.01417EPSS
CVE
CVE
added 2005/09/21 8:3 p.m.40 views

CVE-2005-3006

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.

5CVSS6.6AI score0.01116EPSS
CVE
CVE
added 2005/09/21 8:3 p.m.40 views

CVE-2005-3007

Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.

2.6CVSS6.6AI score0.01454EPSS
CVE
CVE
added 2005/09/22 10:3 a.m.40 views

CVE-2005-3041

Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."

5CVSS6.6AI score0.00441EPSS
CVE
CVE
added 2007/03/28 10:19 p.m.40 views

CVE-2007-1737

Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

7.5CVSS6.5AI score0.00127EPSS
CVE
CVE
added 2008/07/09 12:41 a.m.40 views

CVE-2008-3078

Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.

7.8CVSS6.3AI score0.00997EPSS
CVE
CVE
added 2008/12/19 4:30 p.m.40 views

CVE-2008-5683

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

7.8CVSS6.3AI score0.00384EPSS
CVE
CVE
added 2009/03/16 7:30 p.m.40 views

CVE-2009-0916

Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.3AI score0.01638EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.40 views

CVE-2010-2660

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.

4.3CVSS7.2AI score0.01003EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.40 views

CVE-2010-2665

Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."

4.3CVSS6.6AI score0.00682EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.40 views

CVE-2010-4587

Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.

9.3CVSS6.8AI score0.00574EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.40 views

CVE-2011-0683

Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3CVSS7.2AI score0.00958EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.40 views

CVE-2011-2630

Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.

4.3CVSS7.1AI score0.00461EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.40 views

CVE-2012-1929

Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.

6.4CVSS6.6AI score0.01039EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.40 views

CVE-2012-3560

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.

4.3CVSS7.2AI score0.00722EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.40 views

CVE-2012-3564

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.

5CVSS6.6AI score0.00474EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.40 views

CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.

4.3CVSS6.4AI score0.00245EPSS
CVE
CVE
added 2005/10/25 4:0 a.m.39 views

CVE-2004-2491

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.

2.6CVSS6.5AI score0.1039EPSS
CVE
CVE
added 2006/07/31 11:4 p.m.39 views

CVE-2006-3945

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.

5CVSS7AI score0.01063EPSS
CVE
CVE
added 2007/10/18 12:17 a.m.39 views

CVE-2007-5540

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.

7.5CVSS6.3AI score0.00759EPSS
CVE
CVE
added 2008/06/16 10:41 p.m.39 views

CVE-2008-2714

Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."

5CVSS6.5AI score0.0065EPSS
CVE
CVE
added 2008/09/27 10:30 a.m.39 views

CVE-2008-4200

Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

6.4CVSS8.4AI score0.01939EPSS
CVE
CVE
added 2009/11/24 5:30 p.m.39 views

CVE-2009-4071

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.

5.8CVSS7AI score0.00756EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.39 views

CVE-2010-2659

Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.

4.3CVSS7.1AI score0.00657EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.39 views

CVE-2010-2661

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.

4.3CVSS7.3AI score0.01003EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.39 views

CVE-2011-0687

Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.

4.3CVSS7.1AI score0.01567EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.39 views

CVE-2011-2633

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file.

5CVSS7AI score0.00288EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.39 views

CVE-2011-2635

The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.39 views

CVE-2011-2640

Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.

5CVSS7.2AI score0.00734EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.39 views

CVE-2011-4684

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."

10CVSS6.4AI score0.09368EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.39 views

CVE-2012-3567

Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.

5CVSS6.7AI score0.00474EPSS
CVE
CVE
added 2013/02/08 11:58 a.m.39 views

CVE-2013-1637

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.

9.3CVSS7.6AI score0.0576EPSS
CVE
CVE
added 2013/02/08 11:58 a.m.39 views

CVE-2013-1639

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

6.8CVSS6.4AI score0.00107EPSS
CVE
CVE
added 2013/04/19 11:44 a.m.39 views

CVE-2013-3210

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

5CVSS6AI score0.0023EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.38 views

CVE-2003-1397

The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.

4.3CVSS6.7AI score0.05155EPSS
CVE
CVE
added 2007/02/07 11:28 a.m.38 views

CVE-2006-6970

Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.

5CVSS6.7AI score0.00227EPSS
CVE
CVE
added 2008/09/27 10:30 a.m.38 views

CVE-2008-4195

Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.

5CVSS8.6AI score0.0068EPSS
CVE
CVE
added 2008/09/27 10:30 a.m.38 views

CVE-2008-4196

Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00781EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.38 views

CVE-2010-4043

Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.

4.3CVSS6AI score0.00917EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.38 views

CVE-2010-4580

Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site.

5CVSS7.1AI score0.00722EPSS
Total number of security vulnerabilities282