Opera
by Opera
CVEs (289)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-4718 | 0.04 | — | 0.10 | Dec 31, 2005 | Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND… | |||
| CVE-2004-1491 | 0.04 | — | 0.13 | Dec 31, 2004 | Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. | |||
| CVE-2004-2491 | 0.04 | — | 0.06 | Dec 31, 2004 | A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing… | |||
| CVE-2003-1396 | 0.04 | — | 0.09 | Dec 31, 2003 | Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. | |||
| CVE-2003-1387 | 0.04 | — | 0.15 | Dec 31, 2003 | Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username. | |||
| CVE-2003-0870 | 0.04 | — | 0.15 | Nov 17, 2003 | Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name. | |||
| CVE-2001-1491 | 0.04 | — | 0.07 | Dec 31, 2001 | Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||
| CVE-2010-5227 | 0.03 | — | 0.01 | Sep 7, 2012 | Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of… | |||
| CVE-2011-4684 | 0.03 | — | 0.06 | Dec 7, 2011 | Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases." | |||
| CVE-2011-2641 | 0.03 | — | 0.05 | Jul 1, 2011 | Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value. | |||
| CVE-2008-4795 | 0.03 | — | 0.04 | Oct 30, 2008 | The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. | |||
| CVE-2008-4725 | 0.03 | — | 0.05 | Oct 23, 2008 | Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than… | |||
| CVE-2007-1563 | 0.03 | — | 0.05 | Mar 21, 2007 | The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||
| CVE-2003-1397 | 0.03 | — | 0.06 | Dec 31, 2003 | The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method. | |||
| CVE-2002-2358 | 0.03 | — | 0.02 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. | |||
| CVE-2002-2312 | 0.03 | — | 0.02 | Dec 31, 2002 | Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. | |||
| CVE-2002-0898 | 0.03 | — | 0.06 | Oct 4, 2002 | Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. | |||
| CVE-2002-0783 | 0.03 | — | 0.03 | Aug 12, 2002 | Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. | |||
| CVE-2001-0898 | 0.03 | — | 0.03 | Nov 15, 2001 | Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache. | |||
| CVE-2010-1728 | 0.01 | — | 0.07 | May 6, 2010 | Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes … |
- CVE-2005-4718Dec 31, 2005risk 0.04cvss —epss 0.10
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND…
- CVE-2004-1491Dec 31, 2004risk 0.04cvss —epss 0.13
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
- CVE-2004-2491Dec 31, 2004risk 0.04cvss —epss 0.06
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing…
- CVE-2003-1396Dec 31, 2003risk 0.04cvss —epss 0.09
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
- CVE-2003-1387Dec 31, 2003risk 0.04cvss —epss 0.15
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
- CVE-2003-0870Nov 17, 2003risk 0.04cvss —epss 0.15
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
- CVE-2001-1491Dec 31, 2001risk 0.04cvss —epss 0.07
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
- CVE-2010-5227Sep 7, 2012risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of…
- CVE-2011-4684Dec 7, 2011risk 0.03cvss —epss 0.06
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
- CVE-2011-2641Jul 1, 2011risk 0.03cvss —epss 0.05
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
- CVE-2008-4795Oct 30, 2008risk 0.03cvss —epss 0.04
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
- CVE-2008-4725Oct 23, 2008risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than…
- CVE-2007-1563Mar 21, 2007risk 0.03cvss —epss 0.05
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
- CVE-2003-1397Dec 31, 2003risk 0.03cvss —epss 0.06
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
- CVE-2002-2358Dec 31, 2002risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
- CVE-2002-2312Dec 31, 2002risk 0.03cvss —epss 0.02
Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.
- CVE-2002-0898Oct 4, 2002risk 0.03cvss —epss 0.06
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
- CVE-2002-0783Aug 12, 2002risk 0.03cvss —epss 0.03
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
- CVE-2001-0898Nov 15, 2001risk 0.03cvss —epss 0.03
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
- CVE-2010-1728May 6, 2010risk 0.01cvss —epss 0.07
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes …
Page 2 of 15