Opera Browser vulnerabilities
274 known vulnerabilities affecting opera/opera_browser.
Total CVEs: 274
CISA KEV: 0
Public exploits: 26
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 23, MEDIUM 196, LOW 12
Vulnerabilities
Page 1 of 14
CVE-2012-6467 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 12.10, v1.00, +105 more | 2013-01-02
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.
nvd
CVE-2007-4367 | P2 | CRITICAL | CVSS 9.3 | CWE-763 | Exploited | fixed in 9.23 | 2007-08-15
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted JavaScript that triggers a "virtual function call on an invalid pointer."
nvd
CVE-2010-1349 | P2 | CRITICAL | CVSS 10.0 | CWE-189 | PoC | v10.10, v10.50 | 2010-04-12
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
nvd
CVE-2013-1638 | P2 | CRITICAL | CVSS 9.3 | CWE-94 | PoC | ≤ 12.12, v12.00, +4 more | 2013-02-08
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
nvd
CVE-2011-2628 | P3 | CRITICAL | CVSS 10.0 | CWE-20 | PoC | ≤ 11.10, v5.0, +74 more | 2011-07-01
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
nvd
CVE-2012-6470 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | ≤ 12.11, v1.00, +106 more | 2013-01-02
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
nvd
CVE-2007-0126 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | v9.02 | 2007-01-09
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.
nvd
CVE-2011-4684 | P3 | CRITICAL | CVSS 10.0 | CWE-310 | PoC | ≤ 11.60, v5.0, +77 more | 2011-12-07
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
nvd
CVE-2008-5680 | P3 | CRITICAL | CVSS 9.3 | PoC | ≤ 9.62, v1.00, +71 more | 2008-12-19
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
nvd
CVE-2008-1762 | P3 | CRITICAL | CVSS 9.3 | CWE-399 | PoC | ≤ 9.26, v5.0, +49 more | 2008-04-12
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
nvd
CVE-2008-4694 | P3 | CRITICAL | CVSS 9.3 | CWE-59 | PoC | ≤ 9.60, v5.0, +54 more | 2008-10-23
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
nvd
CVE-2003-0870 | P3 | HIGH | CVSS 7.5 | CWE-787 | PoC | v7.11, v7.20 | 2003-11-17
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
nvd
CVE-2003-1387 | P3 | HIGH | CVSS 7.5 | CWE-120 | PoC | v6.05, v6.06, +1 more | 2003-12-31
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
nvd
CVE-2004-1491 | P3 | MEDIUM | CVSS 5.0 | PoC | ≤ 7.54 | 2004-12-31
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
nvd
CVE-2006-1834 | P3 | MEDIUM | CVSS 5.1 | CWE-189 | PoC | ≤ 8.53, v1.00, +51 more | 2006-04-19
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
nvd
CVE-2013-1637 | P3 | CRITICAL | CVSS 9.3 | CWE-94 | ≤ 12.12, v12.00, +4 more | 2013-02-08
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
nvd
CVE-2007-2274 | P4 | HIGH | CVSS 7.8 | CWE-401 | PoC | v9.2 | 2007-04-25
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.
nvd
CVE-2007-1563 | P4 | MEDIUM | CVSS 6.8 | CWE-200 | PoC | v9.10 | 2007-03-21
The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
nvd
CVE-2003-1396 | P4 | MEDIUM | CVSS 6.8 | CWE-787 | PoC | ≥ 6.0, ≤ 7.10 | 2003-12-31
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
nvd
CVE-2007-1377 | P4 | MEDIUM | CVSS 5.0 | PoC | v9.2 | 2007-03-10
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
nvd