Filtered by vendor Opera
Subscribe
Total
311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0916 | 1 Opera | 1 Opera Browser | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
|
|||||
| CVE-2008-5681 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.
|
|||||
| CVE-2008-4195 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.
|
|||||
| CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
|
|||||
| CVE-2007-1563 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
|
|||||
| CVE-2008-2714 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."
|
|||||
| CVE-2008-4292 | 1 Opera | 1 Opera Browser | 2025-04-09 | 10.0 HIGH | N/A |
|
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.
|
|||||
| CVE-2007-6521 | 1 Opera | 1 Opera Browser | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
|
|||||
| CVE-2008-4794 | 1 Opera | 1 Opera | 2025-04-09 | 9.3 HIGH | N/A |
|
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
|
|||||
| CVE-2009-3045 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
|
|||||
| CVE-2008-4293 | 2 Microsoft, Opera | 2 Windows, Opera | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.
|
|||||
| CVE-2009-2351 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
|
|||||
| CVE-2008-5679 | 1 Opera | 1 Opera | 2025-04-09 | 9.3 HIGH | N/A |
|
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
|
|||||
| CVE-2007-6523 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.8 HIGH | N/A |
|
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
|
|||||
| CVE-2008-3079 | 2 Microsoft, Opera | 2 Windows, Opera | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2009-4072 | 1 Opera | 1 Opera Browser | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
|
|||||
| CVE-2008-4697 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-2009-3831 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2025-04-09 | 9.3 HIGH | N/A |
|
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
|
|||||
| CVE-2008-4695 | 1 Opera | 1 Opera | 2025-04-09 | 9.3 HIGH | N/A |
|
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.
|
|||||
| CVE-2007-5540 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
|
|||||
| CVE-2007-5276 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
|
|||||
| CVE-2007-0127 | 1 Opera | 1 Opera Browser | 2025-04-09 | 9.3 HIGH | N/A |
|
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
|
|||||
| CVE-2007-6520 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
|
|||||
| CVE-2007-4367 | 1 Opera | 1 Opera Browser | 2025-04-09 | 9.3 HIGH | N/A |
|
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
|
|||||
| CVE-2007-2809 | 1 Opera | 1 Opera Browser | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.
|
|||||
| CVE-2007-3819 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
|
|||||
| CVE-2007-2274 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.8 HIGH | N/A |
|
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.
|
|||||
| CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
|
|||||
| CVE-2008-4200 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.
|
|||||
| CVE-2009-2540 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
|
|||||
| CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
|
|||||
| CVE-2009-3266 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content."
|
|||||
| CVE-2008-4199 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
|
|||||
| CVE-2009-2059 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
|
|||||
| CVE-2007-0802 | 2 Mozilla, Opera | 2 Firefox, Opera Browser | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
|
|||||
| CVE-2008-1761 | 1 Opera | 1 Opera | 2025-04-09 | 9.3 HIGH | N/A |
|
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
|
|||||
| CVE-2008-4795 | 1 Opera | 1 Opera | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
|
|||||
| CVE-2009-2067 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
|
|||||
| CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.
|
|||||
| CVE-2008-4694 | 1 Opera | 1 Opera Browser | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
|
|||||