Filtered by vendor Opera
Subscriptions
Filtered by product Opera Browser
Subscriptions
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2121 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | ||||
| CVE-2013-1618 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||||
| CVE-2013-1639 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. | ||||
| CVE-2013-4705 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. | ||||
| CVE-2010-1993 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. | ||||
| CVE-2010-2576 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | ||||
| CVE-2013-1637 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. | ||||
| CVE-2012-6467 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012. | ||||
| CVE-2010-1989 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. | ||||
| CVE-2012-3556 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site. | ||||
| CVE-2012-6463 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. | ||||
| CVE-2011-2610 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue." | ||||
| CVE-2010-1310 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. | ||||
| CVE-2010-1349 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2025-04-11 | N/A |
| Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. | ||||
| CVE-2012-4144 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2025-04-11 | N/A |
| Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. | ||||
| CVE-2010-2455 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | ||||
| CVE-2014-1870 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2025-04-11 | N/A |
| Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | ||||
| CVE-2011-4684 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases." | ||||
| CVE-2014-0815 | 2 Google, Opera | 2 Android, Opera Browser | 2025-04-11 | N/A |
| The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies. | ||||
| CVE-2012-6466 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas. | ||||