Filtered by vendor Opera
Subscribe
Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6523 | 1 Opera | 1 Opera Browser | 2023-12-10 | 7.8 HIGH | N/A |
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. | |||||
CVE-2007-2022 | 2 Adobe, Opera | 2 Flash Player, Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | |||||
CVE-2007-4367 | 1 Opera | 1 Opera Browser | 2023-12-10 | 9.3 HIGH | N/A |
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." | |||||
CVE-2008-1082 | 1 Opera | 1 Opera Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. | |||||
CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | |||||
CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | |||||
CVE-2006-6955 | 1 Opera | 1 Opera Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | |||||
CVE-2007-6522 | 1 Opera | 1 Opera Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. | |||||
CVE-2006-4819 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). | |||||
CVE-2007-5541 | 1 Opera | 1 Opera Browser | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
CVE-2007-5476 | 3 Adobe, Apple, Opera | 3 Flash Player, Mac Os X, Opera Browser | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. | |||||
CVE-2007-1377 | 4 Adobe, Mozilla, Netscape and 1 more | 4 Acrobat Reader, Firefox, Navigator and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | |||||
CVE-2008-1080 | 1 Opera | 1 Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. | |||||
CVE-2007-1115 | 1 Opera | 1 Opera Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
CVE-2008-1081 | 1 Opera | 1 Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. | |||||
CVE-2007-0126 | 1 Opera | 1 Opera Browser | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. | |||||
CVE-2007-1563 | 1 Opera | 1 Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
CVE-2007-5274 | 3 Mozilla, Opera, Sun | 5 Firefox, Opera Browser, Jdk and 2 more | 2023-12-10 | 2.6 LOW | N/A |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | |||||
CVE-2007-3142 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.8 MEDIUM | N/A |
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
CVE-2005-1139 | 1 Opera | 1 Opera Browser | 2023-12-10 | 7.5 HIGH | N/A |
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. |