Filtered by vendor Opera
Subscribe
Total
311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2658 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site. | |||||
| CVE-2010-2666 | 3 Apple, Microsoft, Opera | 3 Mac Os X, Windows, Opera Browser | 2018-10-30 | 9.3 HIGH | N/A |
| Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. | |||||
| CVE-2007-5274 | 3 Mozilla, Opera, Sun | 5 Firefox, Opera Browser, Jdk and 2 more | 2018-10-30 | 2.6 LOW | N/A |
| Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | |||||
| CVE-2009-1599 | 2 Adobe, Opera | 2 Acrobat Reader, Opera Browser | 2018-10-30 | 9.3 HIGH | N/A |
| Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||
| CVE-2006-1834 | 1 Opera | 1 Opera Browser | 2018-10-18 | 5.1 MEDIUM | N/A |
| Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. | |||||
| CVE-2007-1737 | 1 Opera | 1 Opera Browser | 2018-10-16 | 7.5 HIGH | N/A |
| Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | |||||
| CVE-2007-1115 | 1 Opera | 1 Opera Browser | 2018-10-16 | 4.3 MEDIUM | N/A |
| The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2018-10-16 | 5.0 MEDIUM | N/A |
| Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | |||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | |||||
| CVE-2007-6523 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. | |||||
| CVE-2007-3819 | 1 Opera | 1 Opera Browser | 2018-10-15 | 5.0 MEDIUM | N/A |
| Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2008-7245 | 1 Opera | 1 Opera Browser | 2018-10-11 | 5.0 MEDIUM | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | |||||
| CVE-2008-5680 | 1 Opera | 1 Opera Browser | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. | |||||
| CVE-2008-5679 | 1 Opera | 1 Opera | 2018-10-11 | 9.3 HIGH | N/A |
| The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. | |||||
| CVE-2008-5428 | 2 Microsoft, Opera | 2 Windows Xp, Opera | 2018-10-11 | 4.3 MEDIUM | N/A |
| Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-4725 | 1 Opera | 1 Opera Browser | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. | |||||
| CVE-2008-4696 | 1 Opera | 1 Opera | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). | |||||
| CVE-2010-2576 | 1 Opera | 1 Opera Browser | 2018-10-10 | 6.8 MEDIUM | N/A |
| Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | |||||
| CVE-2010-2121 | 1 Opera | 1 Opera Browser | 2018-10-10 | 4.3 MEDIUM | N/A |
| Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | |||||
| CVE-2010-1993 | 1 Opera | 1 Opera Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. | |||||