Filtered by vendor Opera
Subscribe
Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1931 | 2 Opera, Unix | 2 Opera Browser, Unix | 2023-12-10 | 4.6 MEDIUM | N/A |
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. | |||||
CVE-2012-3561 | 1 Opera | 1 Opera Browser | 2023-12-10 | 10.0 HIGH | N/A |
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string. | |||||
CVE-2012-6470 | 1 Opera | 1 Opera Browser | 2023-12-10 | 9.3 HIGH | N/A |
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image. | |||||
CVE-2012-6472 | 2 Opera, Unix | 2 Opera Browser, Unix | 2023-12-10 | 4.6 MEDIUM | N/A |
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file. | |||||
CVE-2012-1927 | 1 Opera | 1 Opera Browser | 2023-12-10 | 6.4 MEDIUM | N/A |
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. | |||||
CVE-2012-3568 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo. | |||||
CVE-2012-6465 | 1 Opera | 1 Opera Browser | 2023-12-10 | 9.3 HIGH | N/A |
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image. | |||||
CVE-2012-6462 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. | |||||
CVE-2012-3566 | 1 Opera | 1 Opera Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission. | |||||
CVE-2012-3565 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests." | |||||
CVE-2012-4143 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. | |||||
CVE-2012-6464 | 1 Opera | 1 Opera Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins. | |||||
CVE-2012-3557 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site. | |||||
CVE-2012-3560 | 1 Opera | 1 Opera Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page. | |||||
CVE-2010-4580 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. | |||||
CVE-2011-2621 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout. | |||||
CVE-2010-4584 | 1 Opera | 1 Opera Browser | 2023-12-10 | 2.6 LOW | N/A |
Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site. | |||||
CVE-2011-2640 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet. | |||||
CVE-2011-4690 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | |||||
CVE-2010-3020 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content. |