VYPR

Opera

by Opera

CVEs (289)

  • CVE-2008-4197HigSep 27, 2008
    risk 0.58cvss 8.8epss 0.06

    Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via…

  • CVE-2009-3046HigSep 2, 2009
    risk 0.49cvss 7.5epss 0.01

    Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

  • CVE-2016-7152MedSep 6, 2016
    risk 0.36cvss 5.3epss 0.14

    The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…

  • CVE-2018-6608MedMar 28, 2018
    risk 0.28cvss 4.3epss 0.03

    In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

  • CVE-2008-4696Oct 23, 2008
    risk 0.07cvss epss 0.46

    Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka…

  • CVE-2010-1349Apr 12, 2010
    risk 0.05cvss epss 0.20

    Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.

  • CVE-2008-5178Nov 20, 2008
    risk 0.05cvss epss 0.32

    Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.

  • CVE-2013-1638Feb 8, 2013
    risk 0.04cvss epss 0.08

    Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

  • CVE-2012-6470Jan 2, 2013
    risk 0.04cvss epss 0.08

    Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

  • CVE-2011-2628Jul 1, 2011
    risk 0.04cvss epss 0.13

    Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

  • CVE-2008-7245Sep 18, 2009
    risk 0.04cvss epss 0.06

    Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

  • CVE-2009-1234Apr 2, 2009
    risk 0.04cvss epss 0.07

    Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.

  • CVE-2008-5680Dec 19, 2008
    risk 0.04cvss epss 0.08

    Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.

  • CVE-2008-4694Oct 23, 2008
    risk 0.04cvss epss 0.10

    Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.

  • CVE-2008-1762Apr 12, 2008
    risk 0.04cvss epss 0.08

    Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.

  • CVE-2007-2274Apr 25, 2007
    risk 0.04cvss epss 0.08

    The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.

  • CVE-2007-0126Jan 9, 2007
    risk 0.04cvss epss 0.11

    Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.

  • CVE-2006-3353Jul 6, 2006
    risk 0.04cvss epss 0.08

    Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.

  • CVE-2006-3199Jun 23, 2006
    risk 0.04cvss epss 0.14

    Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.

  • CVE-2006-1834Apr 19, 2006
    risk 0.04cvss epss 0.12

    Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.

Page 1 of 15