CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opera » Opera Browser » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-3211 2013-04-19 2013-04-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
2 CVE-2013-3210 200 +Info 2013-04-19 2013-04-22
5.0
None Remote Low Not required Partial None None
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
3 CVE-2013-1639 352 Bypass CSRF 2013-02-08 2013-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
4 CVE-2013-1638 94 Exec Code 2013-02-08 2013-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
5 CVE-2013-1637 94 Exec Code 2013-02-08 2013-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
6 CVE-2013-1618 310 2013-02-08 2013-03-08
4.0
None Remote High Not required Partial Partial None
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
7 CVE-2012-6471 2013-01-02 2013-01-02
5.0
None Remote Low Not required None Partial None
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
8 CVE-2012-6470 119 DoS Exec Code Overflow 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
9 CVE-2012-6469 200 +Info 2013-01-02 2015-10-08
5.0
None Remote Low Not required Partial None None
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
10 CVE-2012-6468 119 DoS Exec Code Overflow Mem. Corr. 2013-01-02 2015-10-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
11 CVE-2012-6460 2013-01-02 2013-01-02
5.0
None Remote Low Not required None Partial None
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
12 CVE-2012-4146 119 DoS Overflow 2012-08-06 2012-08-07
4.3
None Remote Medium Not required None None Partial
Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.
13 CVE-2012-3568 DoS 2012-06-14 2017-08-29
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
14 CVE-2012-3567 DoS 2012-06-14 2017-08-29
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.
15 CVE-2012-3566 DoS 2012-06-14 2017-08-29
4.3
None Remote Medium Not required None None Partial
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.
16 CVE-2012-3565 DoS 2012-06-14 2017-08-29
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."
17 CVE-2012-3564 DoS Overflow 2012-06-14 2017-08-29
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.
18 CVE-2012-3563 DoS 2012-06-14 2017-08-29
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
19 CVE-2012-3562 DoS 2012-06-14 2017-08-29
4.3
None Remote Medium Not required None None Partial
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
20 CVE-2012-3561 119 DoS Exec Code Overflow Mem. Corr. 2012-06-14 2012-08-14
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
21 CVE-2012-3560 264 2012-06-14 2012-06-15
4.3
None Remote Medium Not required None Partial None
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
22 CVE-2012-3558 264 2012-06-14 2012-06-15
2.6
None Remote High Not required None Partial None
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.
23 CVE-2012-3557 264 +Info 2012-06-14 2012-06-15
5.0
None Remote Low Not required Partial None None
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
24 CVE-2012-3556 20 Exec Code XSS 2012-06-14 2012-06-15
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
25 CVE-2012-3555 Exec Code XSS 2012-06-14 2012-06-20
7.6
None Remote High Not required Complete Complete Complete
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
26 CVE-2012-1928 20 2012-03-28 2018-01-06
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.
27 CVE-2012-1927 20 2012-03-28 2018-01-06
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.
28 CVE-2012-1926 200 Bypass +Info 2012-03-28 2018-01-06
5.0
None Remote Low Not required Partial None None
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
29 CVE-2012-1925 2012-03-28 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.
30 CVE-2012-1924 94 2012-03-28 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.
31 CVE-2012-1251 310 +Info 2012-06-04 2014-03-05
5.8
None Remote Medium Not required Partial Partial None
Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
32 CVE-2012-1003 189 DoS Overflow 2012-02-07 2017-08-29
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a security issue."
33 CVE-2011-4690 264 2011-12-07 2012-03-06
5.0
None Remote Low Not required Partial None None
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
34 CVE-2011-3389 20 2011-09-06 2021-07-23
4.3
None Remote Medium Not required Partial None None
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
35 CVE-2011-3388 200 +Info 2011-09-06 2017-08-29
4.3
None Remote Medium Not required None Partial None
Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site.
36 CVE-2011-2633 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file.
37 CVE-2011-2632 20 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl.
38 CVE-2011-2631 20 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.
39 CVE-2011-2630 20 DoS 2011-07-01 2011-07-08
4.3
None Remote Medium Not required None None Partial
Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.
40 CVE-2011-2629 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.
41 CVE-2011-2628 20 DoS Exec Code Mem. Corr. 2011-07-01 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
42 CVE-2011-1824 20 DoS Exec Code 2011-05-10 2018-10-09
4.3
None Remote Medium Not required None None Partial
The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value.
43 CVE-2011-0687 20 DoS 2011-01-31 2017-09-19
4.3
None Remote Medium Not required None None Partial
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.
44 CVE-2011-0686 DoS 2011-01-31 2017-09-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
45 CVE-2011-0685 20 2011-01-31 2017-09-19
2.1
None Local Low Not required None Partial None
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
46 CVE-2011-0684 20 +Info 2011-01-31 2017-09-19
5.0
None Remote Low Not required Partial None None
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.
47 CVE-2011-0683 264 2011-01-31 2017-09-19
4.3
None Remote Medium Not required None Partial None
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
48 CVE-2011-0682 119 DoS Exec Code Overflow Mem. Corr. 2011-01-31 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
49 CVE-2011-0681 Bypass 2011-01-31 2017-09-19
4.3
None Remote Medium Not required None Partial None
The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.
50 CVE-2010-4050 119 DoS Overflow Mem. Corr. 2010-10-21 2017-09-19
4.3
None Remote Medium Not required None None Partial
Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.
Total number of vulnerabilities : 138   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.