Vendor CVEs
Opera
All CVEs
323 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2421 | 0.00 | — | 0.02 | Jun 22, 2010 | Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues. | |||
| CVE-2010-2121 | 0.00 | — | 0.02 | Jun 1, 2010 | Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | |||
| CVE-2010-1993 | 0.00 | — | 0.02 | May 20, 2010 | Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. | |||
| CVE-2010-1989 | 0.00 | — | 0.02 | May 20, 2010 | Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue… | |||
| CVE-2010-1310 | 0.00 | — | 0.01 | Apr 8, 2010 | Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. | |||
| CVE-2010-0653 | 0.00 | — | 0.02 | Feb 18, 2010 | Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | |||
| CVE-2009-4072 | 0.00 | — | 0.02 | Nov 24, 2009 | Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." | |||
| CVE-2009-4071 | 0.00 | — | 0.02 | Nov 24, 2009 | Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via… | |||
| CVE-2009-3832 | 0.00 | — | 0.02 | Oct 30, 2009 | Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | |||
| CVE-2009-3831 | 0.00 | — | 0.06 | Oct 30, 2009 | Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | |||
| CVE-2009-3269 | 0.00 | — | 0.02 | Sep 18, 2009 | Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. | |||
| CVE-2009-3266 | 0.00 | — | 0.03 | Sep 18, 2009 | Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed… | |||
| CVE-2009-3265 | 0.00 | — | 0.02 | Sep 18, 2009 | Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers… | |||
| CVE-2009-3049 | 0.00 | — | 0.02 | Sep 2, 2009 | Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | |||
| CVE-2009-3048 | 0.00 | — | 0.02 | Sep 2, 2009 | Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | |||
| CVE-2009-3047 | 0.00 | — | 0.02 | Sep 2, 2009 | Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | |||
| CVE-2009-3045 | 0.00 | — | 0.01 | Sep 2, 2009 | Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. | |||
| CVE-2009-3044 | 0.00 | — | 0.01 | Sep 2, 2009 | Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate… | |||
| CVE-2009-3013 | 0.00 | — | 0.02 | Aug 31, 2009 | Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains… | |||
| CVE-2009-2577 | 0.00 | — | 0.02 | Jul 22, 2009 | Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||
| CVE-2009-2540 | 0.00 | — | 0.03 | Jul 20, 2009 | Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||
| CVE-2009-2351 | 0.00 | — | 0.02 | Jul 7, 2009 | Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a… | |||
| CVE-2009-2070 | 0.00 | — | 0.01 | Jun 15, 2009 | Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then… | |||
| CVE-2009-2068 | 0.00 | — | 0.01 | Jun 15, 2009 | Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script… | |||
| CVE-2009-2067 | 0.00 | — | 0.01 | Jun 15, 2009 | Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an… | |||
| CVE-2009-2063 | 0.00 | — | 0.01 | Jun 15, 2009 | Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an… | |||
| CVE-2009-2059 | 0.00 | — | 0.01 | Jun 15, 2009 | Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka… | |||
| CVE-2009-1599 | 0.00 | — | 0.02 | May 11, 2009 | Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as… | |||
| CVE-2009-0916 | 0.00 | — | 0.03 | Mar 16, 2009 | Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." | |||
| CVE-2009-0915 | 0.00 | — | 0.03 | Mar 16, 2009 | Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. | |||
| CVE-2009-0914 | 0.00 | — | 0.05 | Mar 16, 2009 | Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. | |||
| CVE-2008-5683 | 0.00 | — | 0.01 | Dec 19, 2008 | Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | |||
| CVE-2008-5682 | 0.00 | — | 0.01 | Dec 19, 2008 | Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | |||
| CVE-2008-5681 | 0.00 | — | 0.01 | Dec 19, 2008 | Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | |||
| CVE-2008-5679 | 0.00 | — | 0.03 | Dec 19, 2008 | The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. | |||
| CVE-2008-5428 | 0.00 | — | 0.01 | Dec 11, 2008 | Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other… | |||
| CVE-2008-4794 | 0.00 | — | 0.04 | Oct 30, 2008 | Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. | |||
| CVE-2008-4698 | 0.00 | — | 0.02 | Oct 23, 2008 | Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. | |||
| CVE-2008-4697 | 0.00 | — | 0.02 | Oct 23, 2008 | The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||
| CVE-2008-4695 | 0.00 | — | 0.06 | Oct 23, 2008 | Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. | |||
| CVE-2008-4293 | 0.00 | — | 0.05 | Sep 27, 2008 | Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. | |||
| CVE-2008-4292 | 0.00 | — | 0.02 | Sep 27, 2008 | Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory. | |||
| CVE-2008-4200 | 0.00 | — | 0.03 | Sep 27, 2008 | Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker. | |||
| CVE-2008-4199 | 0.00 | — | 0.03 | Sep 27, 2008 | Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." | |||
| CVE-2008-4198 | 0.00 | — | 0.03 | Sep 27, 2008 | Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the… | |||
| CVE-2008-4196 | 0.00 | — | 0.02 | Sep 27, 2008 | Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-4195 | 0.00 | — | 0.02 | Sep 27, 2008 | Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script. | |||
| CVE-2008-3172 | 0.00 | — | 0.01 | Jul 14, 2008 | Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | |||
| CVE-2008-3079 | 0.00 | — | 0.03 | Jul 9, 2008 | Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2008-3078 | 0.00 | — | 0.03 | Jul 9, 2008 | Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. |
Page 5 of 7