Opera
by Opera
CVEs (289)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0593 | 0.00 | — | 0.03 | Apr 15, 2004 | Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that… | |||
| CVE-2003-1388 | 0.00 | — | 0.03 | Dec 31, 2003 | Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension. | |||
| CVE-2003-1420 | 0.00 | — | 0.02 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header. | |||
| CVE-2003-1561 | 0.00 | — | 0.01 | Dec 31, 2003 | Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||
| CVE-2002-2414 | 0.00 | — | 0.01 | Dec 31, 2002 | Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash). | |||
| CVE-2002-2332 | 0.00 | — | 0.02 | Dec 31, 2002 | Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. | |||
| CVE-2002-0270 | 0.00 | — | 0.05 | May 29, 2002 | Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect,… | |||
| CVE-2002-0243 | 0.00 | — | 0.01 | May 29, 2002 | Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | |||
| CVE-2001-1245 | 0.00 | — | 0.02 | Jul 9, 2001 | Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name. |
- CVE-2003-0593Apr 15, 2004risk 0.00cvss —epss 0.03
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that…
- CVE-2003-1388Dec 31, 2003risk 0.00cvss —epss 0.03
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
- CVE-2003-1420Dec 31, 2003risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
- CVE-2003-1561Dec 31, 2003risk 0.00cvss —epss 0.01
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
- CVE-2002-2414Dec 31, 2002risk 0.00cvss —epss 0.01
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
- CVE-2002-2332Dec 31, 2002risk 0.00cvss —epss 0.02
Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
- CVE-2002-0270May 29, 2002risk 0.00cvss —epss 0.05
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect,…
- CVE-2002-0243May 29, 2002risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
- CVE-2001-1245Jul 9, 2001risk 0.00cvss —epss 0.02
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
Page 15 of 15