Lucene search

K
OperaOpera Browser

72 matches found

CVE
CVE
added 2015/05/21 12:59 a.m.1130 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.94027EPSS
CVE
CVE
added 2011/09/06 7:55 p.m.608 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP...

4.3CVSS6.5AI score0.05563EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.61 views

CVE-2009-1234

Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.

4.3CVSS7.1AI score0.16566EPSS
CVE
CVE
added 2010/08/16 6:39 p.m.59 views

CVE-2010-3021

Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image.

4.3CVSS7.1AI score0.00686EPSS
CVE
CVE
added 2009/07/07 11:30 p.m.57 views

CVE-2009-2351

Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-20...

4.3CVSS5.9AI score0.06172EPSS
CVE
CVE
added 2013/02/08 7:55 p.m.56 views

CVE-2013-1618

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of tim...

4CVSS6.8AI score0.01291EPSS
CVE
CVE
added 2009/07/20 6:30 p.m.54 views

CVE-2009-2540

Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

4.3CVSS6.5AI score0.03998EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.54 views

CVE-2011-2611

Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page.

4.3CVSS7AI score0.00461EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.53 views

CVE-2010-2658

Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.

4.3CVSS7.3AI score0.00695EPSS
CVE
CVE
added 2007/10/20 10:0 a.m.51 views

CVE-2003-1420

Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.

4.3CVSS5.7AI score0.00441EPSS
CVE
CVE
added 2006/04/29 10:0 a.m.51 views

CVE-2004-2659

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. ...

4CVSS7AI score0.01113EPSS
CVE
CVE
added 2007/12/24 8:46 p.m.51 views

CVE-2007-6520

Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.

4.3CVSS5.9AI score0.00723EPSS
CVE
CVE
added 2008/12/19 4:30 p.m.50 views

CVE-2008-5681

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.

4.3CVSS6.5AI score0.00357EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.50 views

CVE-2009-3047

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.

4.3CVSS7.3AI score0.006EPSS
CVE
CVE
added 2011/05/10 6:55 p.m.50 views

CVE-2011-1824

The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or pos...

4.3CVSS7.8AI score0.07855EPSS
CVE
CVE
added 2007/12/24 8:46 p.m.49 views

CVE-2007-6522

The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.

4.3CVSS5.9AI score0.01361EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.49 views

CVE-2010-0653

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

4.3CVSS7AI score0.00455EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.49 views

CVE-2010-4050

Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.

4.3CVSS6.5AI score0.00686EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.48 views

CVE-2009-3048

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."

4.3CVSS7.3AI score0.00417EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.48 views

CVE-2010-4044

Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.

4.3CVSS6.5AI score0.00735EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.47 views

CVE-2008-4725

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of the...

4.3CVSS5.5AI score0.62121EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.47 views

CVE-2010-4048

Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.

4.3CVSS6.4AI score0.00371EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.47 views

CVE-2010-5068

The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

4.3CVSS5.6AI score0.00732EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.47 views

CVE-2012-3562

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.

4.3CVSS6.5AI score0.00408EPSS
CVE
CVE
added 2010/06/01 8:30 p.m.46 views

CVE-2010-2121

Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

4.3CVSS7.4AI score0.0078EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.46 views

CVE-2010-2662

Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."

4.3CVSS7.3AI score0.00246EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.46 views

CVE-2011-0681

The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.

4.3CVSS7.1AI score0.00288EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.46 views

CVE-2011-2609

Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

4.3CVSS6.7AI score0.00513EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.46 views

CVE-2011-2624

Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.

4.3CVSS7.1AI score0.005EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.46 views

CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

4.3CVSS5.4AI score0.00418EPSS
CVE
CVE
added 2008/12/19 4:30 p.m.45 views

CVE-2008-5682

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.

4.3CVSS5.5AI score0.00475EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.45 views

CVE-2009-3265

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "de...

4.3CVSS5.4AI score0.00225EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.45 views

CVE-2010-2663

Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.

4.3CVSS7.2AI score0.00686EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.45 views

CVE-2010-4046

Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.

4.3CVSS6.1AI score0.00777EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.45 views

CVE-2012-4146

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.

4.3CVSS6.3AI score0.00461EPSS
CVE
CVE
added 2005/08/01 4:0 a.m.44 views

CVE-2005-2406

Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI.

4.3CVSS5.8AI score0.00485EPSS
CVE
CVE
added 2011/09/06 7:55 p.m.44 views

CVE-2011-3388

Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security i...

4.3CVSS7.2AI score0.01018EPSS
CVE
CVE
added 2010/06/25 7:30 p.m.43 views

CVE-2010-2455

Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.

4.3CVSS7.3AI score0.00477EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.43 views

CVE-2011-1337

Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.

4.3CVSS7.2AI score0.02017EPSS
CVE
CVE
added 2013/09/13 2:10 p.m.43 views

CVE-2013-4705

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

4.3CVSS5.8AI score0.00254EPSS
CVE
CVE
added 2007/10/08 11:17 p.m.42 views

CVE-2007-5276

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

4.3CVSS6.6AI score0.00243EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.42 views

CVE-2009-3266

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed...

4.3CVSS5.4AI score0.00795EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.42 views

CVE-2010-2664

Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.

4.3CVSS7.2AI score0.00686EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.42 views

CVE-2012-4144

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.

4.3CVSS5.4AI score0.01007EPSS
CVE
CVE
added 2007/02/26 11:28 p.m.41 views

CVE-2007-1115

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

4.3CVSS5.6AI score0.00799EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.41 views

CVE-2008-4697

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3CVSS7.9AI score0.00787EPSS
CVE
CVE
added 2009/08/31 4:30 p.m.41 views

CVE-2009-3013

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a d...

4.3CVSS6.8AI score0.00276EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.41 views

CVE-2010-4049

Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.

4.3CVSS6.4AI score0.00686EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.41 views

CVE-2012-3566

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.

4.3CVSS6.7AI score0.00443EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.41 views

CVE-2012-6463

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.

4.3CVSS5.6AI score0.00263EPSS
Total number of security vulnerabilities72