VYPR

Opera Browser

by Opera

CVEs (280)

  • CVE-2006-3199Jun 23, 2006
    risk 0.04cvss epss 0.14

    Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.

  • CVE-2006-1834Apr 19, 2006
    risk 0.04cvss epss 0.12

    Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.

  • CVE-2005-4718Dec 31, 2005
    risk 0.04cvss epss 0.10

    Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND…

  • CVE-2004-2491Dec 31, 2004
    risk 0.04cvss epss 0.06

    A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing…

  • CVE-2004-1491Dec 31, 2004
    risk 0.04cvss epss 0.13

    Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

  • CVE-2003-1396Dec 31, 2003
    risk 0.04cvss epss 0.09

    Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.

  • CVE-2003-1387Dec 31, 2003
    risk 0.04cvss epss 0.15

    Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.

  • CVE-2003-0870Nov 17, 2003
    risk 0.04cvss epss 0.15

    Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.

  • CVE-2011-4684Dec 7, 2011
    risk 0.03cvss epss 0.06

    Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."

  • CVE-2011-2641Jul 1, 2011
    risk 0.03cvss epss 0.05

    Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.

  • CVE-2008-4725Oct 23, 2008
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than…

  • CVE-2007-1563Mar 21, 2007
    risk 0.03cvss epss 0.05

    The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

  • CVE-2003-1397Dec 31, 2003
    risk 0.03cvss epss 0.06

    The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.

  • CVE-2005-0233Feb 8, 2005
    risk 0.02cvss epss 0.20

    The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other…

  • CVE-2010-1728May 6, 2010
    risk 0.01cvss epss 0.07

    Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes …

  • CVE-2007-5476Oct 18, 2007
    risk 0.01cvss epss 0.09

    Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

  • CVE-2007-4367Aug 15, 2007
    risk 0.01cvss epss 0.08

    Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."

  • CVE-2007-3929Jul 21, 2007
    risk 0.01cvss epss 0.06

    Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

  • CVE-2007-2809May 22, 2007
    risk 0.01cvss epss 0.06

    Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.

  • CVE-2005-3750Nov 22, 2005
    risk 0.01cvss epss 0.06

    Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.

Page 2 of 14