Lucene search

K
OperaOpera Browser7.0

177 matches found

CVE
CVE
added 2011/01/31 9:0 p.m.42 views

CVE-2011-0685

The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.

2.1CVSS7.2AI score0.0007EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2620

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.

5CVSS7AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2634

Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.

5CVSS7.3AI score0.00274EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2636

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.42 views

CVE-2011-2639

Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.

5CVSS7.2AI score0.00535EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.42 views

CVE-2012-1927

Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.

6.4CVSS7.2AI score0.01662EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3557

Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.

5CVSS7.1AI score0.00377EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3561

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.

10CVSS7.9AI score0.10215EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.42 views

CVE-2012-3565

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."

5CVSS6.6AI score0.00474EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.41 views

CVE-2008-4697

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3CVSS7.9AI score0.00787EPSS
CVE
CVE
added 2009/08/31 4:30 p.m.41 views

CVE-2009-3013

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a d...

4.3CVSS6.8AI score0.00276EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.41 views

CVE-2009-3049

Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.

5CVSS7.3AI score0.006EPSS
CVE
CVE
added 2010/05/06 2:53 p.m.41 views

CVE-2010-1728

Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infin...

9.3CVSS7.7AI score0.14796EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.41 views

CVE-2010-4045

Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to int...

9.3CVSS6.4AI score0.04521EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.41 views

CVE-2010-4049

Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.

4.3CVSS6.4AI score0.00686EPSS
CVE
CVE
added 2011/01/31 8:0 p.m.41 views

CVE-2011-0450

The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.

7.6CVSS7.3AI score0.03799EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2613

The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2623

Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2625

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.41 views

CVE-2011-2626

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.41 views

CVE-2012-3563

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.

5CVSS6.6AI score0.00436EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.41 views

CVE-2012-3566

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.

4.3CVSS6.7AI score0.00443EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.41 views

CVE-2012-6463

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.

4.3CVSS5.6AI score0.00263EPSS
CVE
CVE
added 2005/09/21 8:3 p.m.40 views

CVE-2005-3006

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.

5CVSS6.6AI score0.01116EPSS
CVE
CVE
added 2008/07/09 12:41 a.m.40 views

CVE-2008-3078

Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.

7.8CVSS6.3AI score0.00997EPSS
CVE
CVE
added 2008/12/19 4:30 p.m.40 views

CVE-2008-5683

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

7.8CVSS6.3AI score0.00384EPSS
CVE
CVE
added 2009/03/16 7:30 p.m.40 views

CVE-2009-0916

Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.3AI score0.01638EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.40 views

CVE-2010-2660

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.

4.3CVSS7.2AI score0.01003EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.40 views

CVE-2010-2665

Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."

4.3CVSS6.6AI score0.00682EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.40 views

CVE-2010-4587

Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.

9.3CVSS6.8AI score0.00574EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.40 views

CVE-2011-0683

Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3CVSS7.2AI score0.00958EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.40 views

CVE-2011-2630

Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.

4.3CVSS7.1AI score0.00461EPSS
CVE
CVE
added 2012/03/28 3:22 a.m.40 views

CVE-2012-1929

Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.

6.4CVSS6.6AI score0.01039EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.40 views

CVE-2012-3560

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.

4.3CVSS7.2AI score0.00722EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.40 views

CVE-2012-3564

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.

5CVSS6.6AI score0.00474EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.40 views

CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.

4.3CVSS6.4AI score0.00245EPSS
CVE
CVE
added 2007/10/18 12:17 a.m.39 views

CVE-2007-5540

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.

7.5CVSS6.3AI score0.00759EPSS
CVE
CVE
added 2008/06/16 10:41 p.m.39 views

CVE-2008-2714

Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."

5CVSS6.5AI score0.0065EPSS
CVE
CVE
added 2008/09/27 10:30 a.m.39 views

CVE-2008-4200

Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

6.4CVSS8.4AI score0.01939EPSS
CVE
CVE
added 2009/11/24 5:30 p.m.39 views

CVE-2009-4071

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.

5.8CVSS7AI score0.00756EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.39 views

CVE-2010-2659

Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.

4.3CVSS7.1AI score0.00657EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.39 views

CVE-2010-2661

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.

4.3CVSS7.3AI score0.01003EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.39 views

CVE-2011-0687

Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.

4.3CVSS7.1AI score0.01567EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.39 views

CVE-2011-2633

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file.

5CVSS7AI score0.00288EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.39 views

CVE-2011-2635

The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.39 views

CVE-2011-2640

Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.

5CVSS7.2AI score0.00734EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.39 views

CVE-2011-4684

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."

10CVSS6.4AI score0.09368EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.39 views

CVE-2012-3567

Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.

5CVSS6.7AI score0.00474EPSS
CVE
CVE
added 2013/04/19 11:44 a.m.39 views

CVE-2013-3210

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

5CVSS6AI score0.0023EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.38 views

CVE-2003-1397

The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.

4.3CVSS6.7AI score0.05155EPSS
Total number of security vulnerabilities177