VYPR

Opera

by Opera

CVEs (289)

  • CVE-2003-0593Apr 15, 2004
    risk 0.00cvss epss 0.03

    Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that…

  • CVE-2003-1388Dec 31, 2003
    risk 0.00cvss epss 0.03

    Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.

  • CVE-2003-1420Dec 31, 2003
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.

  • CVE-2003-1561Dec 31, 2003
    risk 0.00cvss epss 0.01

    Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

  • CVE-2002-2414Dec 31, 2002
    risk 0.00cvss epss 0.01

    Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).

  • CVE-2002-2332Dec 31, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

  • CVE-2002-0270May 29, 2002
    risk 0.00cvss epss 0.05

    Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect,…

  • CVE-2002-0243May 29, 2002
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

  • CVE-2001-1245Jul 9, 2001
    risk 0.00cvss epss 0.02

    Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

Page 15 of 15