Filtered by vendor Opera
Subscriptions
Total
312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5476 | 3 Adobe, Apple, Opera | 3 Flash Player, Mac Os X, Opera Browser | 2025-04-09 | N/A |
| Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. | ||||
| CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | ||||
| CVE-2009-0914 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. | ||||
| CVE-2009-1234 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. | ||||
| CVE-2009-2063 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | ||||
| CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | ||||
| CVE-2009-2351 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected. | ||||
| CVE-2009-2540 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | ||||
| CVE-2009-3013 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2009-3044 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||||
| CVE-2009-3049 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | ||||
| CVE-2009-3269 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. | ||||
| CVE-2009-3831 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2025-04-09 | N/A |
| Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | ||||
| CVE-2009-4072 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." | ||||
| CVE-2008-4197 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2025-04-09 | 8.8 High |
| Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. | ||||
| CVE-2008-4198 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page. | ||||
| CVE-2008-4199 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." | ||||
| CVE-2008-4292 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory. | ||||
| CVE-2008-4695 | 1 Opera | 1 Opera | 2025-04-09 | N/A |
| Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. | ||||
| CVE-2008-4697 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||||