Lucene search

K
OperaOpera Browser

107 matches found

CVE
CVE
added 2012/03/28 3:22 a.m.89 views

CVE-2012-1926

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.

5CVSS7.2AI score0.0061EPSS
CVE
CVE
added 2005/11/21 11:3 a.m.70 views

CVE-2005-3699

Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

5CVSS6.5AI score0.00351EPSS
CVE
CVE
added 2006/04/19 4:6 p.m.65 views

CVE-2006-1834

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.

5.1CVSS7.5AI score0.15762EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.63 views

CVE-2011-2641

Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.

5CVSS7.2AI score0.08567EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.62 views

CVE-2009-3269

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.

5CVSS6.5AI score0.19497EPSS
CVE
CVE
added 2005/11/22 2:0 a.m.61 views

CVE-2004-2570

Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.

5CVSS6.6AI score0.00874EPSS
CVE
CVE
added 2011/08/09 7:55 p.m.59 views

CVE-2008-7297

Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains featur...

5.8CVSS6.5AI score0.00435EPSS
CVE
CVE
added 2005/08/01 4:0 a.m.58 views

CVE-2005-2407

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".

5.1CVSS7.3AI score0.01113EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.57 views

CVE-2005-0238

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5CVSS6.6AI score0.01081EPSS
CVE
CVE
added 2010/05/20 5:30 p.m.57 views

CVE-2010-1989

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181.

5CVSS7.4AI score0.0264EPSS
CVE
CVE
added 2005/02/17 5:0 a.m.56 views

CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

5CVSS7.5AI score0.2586EPSS
CVE
CVE
added 2006/06/23 8:6 p.m.56 views

CVE-2006-3199

Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.

5CVSS7AI score0.15447EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.56 views

CVE-2012-6466

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.

5CVSS6AI score0.0023EPSS
CVE
CVE
added 2006/10/17 9:7 p.m.55 views

CVE-2006-4819

Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).

5.1CVSS7.8AI score0.13918EPSS
CVE
CVE
added 2005/02/17 5:0 a.m.53 views

CVE-2005-0456

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.

5CVSS6.4AI score0.06168EPSS
CVE
CVE
added 2005/12/01 11:0 a.m.53 views

CVE-2005-3946

Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class.

5CVSS7AI score0.02419EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.53 views

CVE-2008-4698

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.

5.8CVSS8.5AI score0.00787EPSS
CVE
CVE
added 2007/03/10 12:19 a.m.52 views

CVE-2007-1377

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability...

5CVSS6.3AI score0.53628EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.52 views

CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

5CVSS6.4AI score0.00243EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.51 views

CVE-2009-3044

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitima...

5CVSS7.1AI score0.00327EPSS
CVE
CVE
added 2016/09/06 10:59 a.m.51 views

CVE-2016-7153

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

5.3CVSS4.9AI score0.03915EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.50 views

CVE-2011-4685

Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.

5CVSS6.5AI score0.00862EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.49 views

CVE-2004-0872

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

5CVSS6.6AI score0.01144EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2617

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.

5CVSS7AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.

5CVSS7AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2631

The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.49 views

CVE-2011-2637

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.

5CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.49 views

CVE-2011-4687

Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.

5CVSS6.5AI score0.00756EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.49 views

CVE-2012-6461

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.

5CVSS6.4AI score0.00131EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.48 views

CVE-2011-0684

Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, v...

5CVSS7.2AI score0.00834EPSS
CVE
CVE
added 2009/09/02 5:30 p.m.47 views

CVE-2009-3045

Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.

5CVSS7.1AI score0.0025EPSS
CVE
CVE
added 2010/04/08 5:30 p.m.47 views

CVE-2010-1310

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.

5CVSS6.3AI score0.00307EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.46 views

CVE-2004-0537

Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.

5CVSS6.6AI score0.00651EPSS
CVE
CVE
added 2005/07/19 4:0 a.m.46 views

CVE-2004-2260

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.

5CVSS6.6AI score0.00917EPSS
CVE
CVE
added 2006/02/15 11:0 a.m.46 views

CVE-2005-4718

Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margi...

5CVSS6.8AI score0.1086EPSS
CVE
CVE
added 2008/06/16 10:41 p.m.46 views

CVE-2008-2715

Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.

5CVSS6.2AI score0.00705EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.46 views

CVE-2010-4579

Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog.

5CVSS7.2AI score0.00701EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.46 views

CVE-2011-2614

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.46 views

CVE-2011-4681

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as de...

5CVSS7.3AI score0.0022EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.46 views

CVE-2012-6469

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.

5CVSS6.3AI score0.0026EPSS
CVE
CVE
added 2007/06/11 6:30 p.m.45 views

CVE-2007-3142

Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

5.8CVSS6.4AI score0.00674EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2616

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2622

Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2627

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.45 views

CVE-2011-4686

Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS6.4AI score0.00756EPSS
CVE
CVE
added 2012/02/07 4:9 a.m.45 views

CVE-2012-1003

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor report...

5CVSS6.7AI score0.00481EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.45 views

CVE-2012-3568

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.

5CVSS6.5AI score0.00436EPSS
CVE
CVE
added 2006/06/30 11:5 p.m.44 views

CVE-2006-3331

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.

5CVSS6.7AI score0.0115EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.44 views

CVE-2008-7245

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5CVSS6.5AI score0.02598EPSS
CVE
CVE
added 2009/10/30 8:30 p.m.44 views

CVE-2009-3832

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

5.8CVSS6.4AI score0.01217EPSS
Total number of security vulnerabilities107