Opera Browser@12.10 Security Vulnerabilities and Issues — Opera Browser@12.10 CVE List

Lucene search

OperaOpera Browser12.10

14 matches found

CVE•added 2013/02/08 11:58 a.m.•60 views

CVE-2013-1638

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

9.3CVSS7.6AI score0.30058EPSS

CVE•added 2013/02/08 7:55 p.m.•56 views

CVE-2013-1618

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of tim...

4CVSS6.8AI score0.01291EPSS

CVE•added 2013/01/02 11:46 a.m.•52 views

CVE-2012-6470

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

9.3CVSS7.8AI score0.36411EPSS

CVE•added 2013/01/02 11:46 a.m.•52 views

CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

5CVSS6.4AI score0.00243EPSS

CVE•added 2013/01/02 11:46 a.m.•49 views

CVE-2012-6468

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.

9.3CVSS8.1AI score0.08063EPSS

CVE•added 2013/04/19 11:44 a.m.•48 views

CVE-2013-3211

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS6.4AI score0.00423EPSS

CVE•added 2013/01/02 11:46 a.m.•46 views

CVE-2012-6469

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.

5CVSS6.3AI score0.0026EPSS

CVE•added 2013/09/13 2:10 p.m.•43 views

CVE-2013-4705

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

4.3CVSS5.8AI score0.00254EPSS

CVE•added 2014/02/06 10:55 p.m.•41 views

CVE-2014-0815

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

4.3CVSS6.1AI score0.00375EPSS

CVE•added 2013/02/08 11:58 a.m.•39 views

CVE-2013-1637

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.

9.3CVSS7.6AI score0.0576EPSS

CVE•added 2013/02/08 11:58 a.m.•39 views

CVE-2013-1639

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

6.8CVSS6.4AI score0.00107EPSS

CVE•added 2013/04/19 11:44 a.m.•39 views

CVE-2013-3210

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

5CVSS6AI score0.0023EPSS

CVE•added 2013/01/02 11:46 a.m.•38 views

CVE-2012-6472

Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.

4.6CVSS6.3AI score0.00041EPSS

CVE•added 2014/02/06 11:55 p.m.•35 views

CVE-2014-1870

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.

4.3CVSS6.7AI score0.00243EPSS