Opera

All CVEs

323 total · sorted by risk
  • CVE-2010-2421 · Jun 22, 2010
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.

  • CVE-2010-2121 · Jun 1, 2010
    risk 0.00 · cvss · epss 0.02

    Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

  • CVE-2010-1993 · May 20, 2010
    risk 0.00 · cvss · epss 0.02

    Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.

  • CVE-2010-1989 · May 20, 2010
    risk 0.00 · cvss · epss 0.02

    Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue…

  • CVE-2010-1310 · Apr 8, 2010
    risk 0.00 · cvss · epss 0.01

    Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.

  • CVE-2010-0653 · Feb 18, 2010
    risk 0.00 · cvss · epss 0.02

    Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

  • CVE-2009-4072 · Nov 24, 2009
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."

  • CVE-2009-4071 · Nov 24, 2009
    risk 0.00 · cvss · epss 0.02

    Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via…

  • CVE-2009-3832 · Oct 30, 2009
    risk 0.00 · cvss · epss 0.02

    Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

  • CVE-2009-3831 · Oct 30, 2009
    risk 0.00 · cvss · epss 0.06

    Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.

  • CVE-2009-3269 · Sep 18, 2009
    risk 0.00 · cvss · epss 0.02

    Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.

  • CVE-2009-3266 · Sep 18, 2009
    risk 0.00 · cvss · epss 0.03

    Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed…

  • CVE-2009-3265 · Sep 18, 2009
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers…

  • CVE-2009-3049 · Sep 2, 2009
    risk 0.00 · cvss · epss 0.02

    Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.

  • CVE-2009-3048 · Sep 2, 2009
    risk 0.00 · cvss · epss 0.02

    Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."

  • CVE-2009-3047 · Sep 2, 2009
    risk 0.00 · cvss · epss 0.02

    Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.

  • CVE-2009-3045 · Sep 2, 2009
    risk 0.00 · cvss · epss 0.01

    Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.

  • CVE-2009-3044 · Sep 2, 2009
    risk 0.00 · cvss · epss 0.01

    Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate…

  • CVE-2009-3013 · Aug 31, 2009
    risk 0.00 · cvss · epss 0.02

    Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains…

  • CVE-2009-2577 · Jul 22, 2009
    risk 0.00 · cvss · epss 0.02

    Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.

  • CVE-2009-2540 · Jul 20, 2009
    risk 0.00 · cvss · epss 0.03

    Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

  • CVE-2009-2351 · Jul 7, 2009
    risk 0.00 · cvss · epss 0.02

    Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a…

  • CVE-2009-2070 · Jun 15, 2009
    risk 0.00 · cvss · epss 0.01

    Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then…

  • CVE-2009-2068 · Jun 15, 2009
    risk 0.00 · cvss · epss 0.01

    Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script…

  • CVE-2009-2067 · Jun 15, 2009
    risk 0.00 · cvss · epss 0.01

    Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an…

  • CVE-2009-2063 · Jun 15, 2009
    risk 0.00 · cvss · epss 0.01

    Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an…

  • CVE-2009-2059 · Jun 15, 2009
    risk 0.00 · cvss · epss 0.01

    Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka…

  • CVE-2009-1599 · May 11, 2009
    risk 0.00 · cvss · epss 0.02

    Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as…

  • CVE-2009-0916 · Mar 16, 2009
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."

  • CVE-2009-0915 · Mar 16, 2009
    risk 0.00 · cvss · epss 0.03

    Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.

  • CVE-2009-0914 · Mar 16, 2009
    risk 0.00 · cvss · epss 0.05

    Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.

  • CVE-2008-5683 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

  • CVE-2008-5682 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.

  • CVE-2008-5681 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.01

    Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.

  • CVE-2008-5679 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.03

    The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.

  • CVE-2008-5428 · Dec 11, 2008
    risk 0.00 · cvss · epss 0.01

    Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other…

  • CVE-2008-4794 · Oct 30, 2008
    risk 0.00 · cvss · epss 0.04

    Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

  • CVE-2008-4698 · Oct 23, 2008
    risk 0.00 · cvss · epss 0.02

    Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.

  • CVE-2008-4697 · Oct 23, 2008
    risk 0.00 · cvss · epss 0.02

    The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

  • CVE-2008-4695 · Oct 23, 2008
    risk 0.00 · cvss · epss 0.06

    Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.

  • CVE-2008-4293 · Sep 27, 2008
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.

  • CVE-2008-4292 · Sep 27, 2008
    risk 0.00 · cvss · epss 0.02

    Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.

  • CVE-2008-4200 · Sep 27, 2008
    risk 0.00 · cvss · epss 0.03

    Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

  • CVE-2008-4199 · Sep 27, 2008
    risk 0.00 · cvss · epss 0.03

    Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

  • CVE-2008-4198 · Sep 27, 2008
    risk 0.00 · cvss · epss 0.03

    Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the…

  • CVE-2008-4196 · Sep 27, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-4195 · Sep 27, 2008
    risk 0.00 · cvss · epss 0.02

    Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.

  • CVE-2008-3172 · Jul 14, 2008
    risk 0.00 · cvss · epss 0.01

    Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."

  • CVE-2008-3079 · Jul 9, 2008
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.

  • CVE-2008-3078 · Jul 9, 2008
    risk 0.00 · cvss · epss 0.03

    Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.
