Lucene search

K

229 matches found

CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2616

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2622

Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2627

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.45 views

CVE-2011-4686

Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS6.4AI score0.00756EPSS
CVE
CVE
added 2012/02/07 4:9 a.m.45 views

CVE-2012-1003

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor report...

5CVSS6.7AI score0.00481EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.45 views

CVE-2012-3568

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.

5CVSS6.5AI score0.00436EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.45 views

CVE-2012-4146

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.

4.3CVSS6.3AI score0.00461EPSS
CVE
CVE
added 2005/06/16 4:0 a.m.44 views

CVE-2005-1475

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.

7.5CVSS6.4AI score0.00379EPSS
CVE
CVE
added 2006/06/30 11:5 p.m.44 views

CVE-2006-3331

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.

5CVSS6.7AI score0.0115EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.44 views

CVE-2008-7245

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5CVSS6.5AI score0.02598EPSS
CVE
CVE
added 2009/10/30 8:30 p.m.44 views

CVE-2009-3832

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

5.8CVSS6.4AI score0.01217EPSS
CVE
CVE
added 2009/11/24 5:30 p.m.44 views

CVE-2009-4072

Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.3AI score0.01394EPSS
CVE
CVE
added 2010/08/16 6:39 p.m.44 views

CVE-2010-3020

The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.

5CVSS7.3AI score0.00435EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.44 views

CVE-2010-4585

Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update.

5CVSS7.1AI score0.00887EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.44 views

CVE-2011-0682

Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.

9.3CVSS7.8AI score0.11628EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.44 views

CVE-2011-2628

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

10CVSS7.8AI score0.28276EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.44 views

CVE-2011-2629

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.44 views

CVE-2011-2638

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/09/06 7:55 p.m.44 views

CVE-2011-3388

Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security i...

4.3CVSS7.2AI score0.01018EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.44 views

CVE-2011-4683

Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.2AI score0.00539EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.44 views

CVE-2012-1928

Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.

6.4CVSS7.2AI score0.01662EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.44 views

CVE-2012-3558

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.

2.6CVSS7.1AI score0.00339EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.43 views

CVE-2003-1396

Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.

6.8CVSS8.2AI score0.0383EPSS
CVE
CVE
added 2006/07/06 1:5 a.m.43 views

CVE-2006-3353

Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.

5CVSS6.9AI score0.11046EPSS
CVE
CVE
added 2007/05/22 7:30 p.m.43 views

CVE-2007-2809

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.

9.3CVSS7.8AI score0.07149EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.43 views

CVE-2009-2577

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.

5CVSS6.5AI score0.14161EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.43 views

CVE-2010-2666

Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations...

9.3CVSS7.5AI score0.04056EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-1337

Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.

4.3CVSS7.2AI score0.02017EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-2610

Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.2AI score0.00533EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-2612

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-2615

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2012/08/30 5:55 p.m.43 views

CVE-2012-4010

Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.

5CVSS6.5AI score0.01003EPSS
CVE
CVE
added 2013/09/13 2:10 p.m.43 views

CVE-2013-4705

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

4.3CVSS5.8AI score0.00254EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.42 views

CVE-2004-1615

Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.

2.6CVSS6.8AI score0.01569EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.42 views

CVE-2005-0235

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5CVSS9.3AI score0.00642EPSS
CVE
CVE
added 2008/09/27 10:30 a.m.42 views

CVE-2008-4198

Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.

5CVSS8.5AI score0.00957EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.42 views

CVE-2010-2664

Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.

4.3CVSS7.2AI score0.00686EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.42 views

CVE-2011-0685

The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.

2.1CVSS7.2AI score0.0007EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2620

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.

5CVSS7AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2634

Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.

5CVSS7.3AI score0.00274EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2636

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2639

Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.

5CVSS7.2AI score0.00535EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.42 views

CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

5CVSS6.5AI score0.0023EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.42 views

CVE-2012-1927

Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.

6.4CVSS7.2AI score0.01662EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3557

Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.

5CVSS7.1AI score0.00377EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3561

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.

10CVSS7.9AI score0.10215EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3565

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."

5CVSS6.6AI score0.00474EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.42 views

CVE-2012-4144

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.

4.3CVSS5.4AI score0.01007EPSS
CVE
CVE
added 2007/07/21 12:30 a.m.41 views

CVE-2007-3929

Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

9.3CVSS7.2AI score0.06449EPSS
CVE
CVE
added 2008/06/16 10:41 p.m.41 views

CVE-2008-2716

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.

5CVSS6.3AI score0.00915EPSS
Total number of security vulnerabilities229