cbcvebase.

Opera Browser vulnerabilities

274 known vulnerabilities affecting opera/opera_browser.

Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12

Vulnerabilities

Page 10 of 14
CVE-2004-2260P4MEDIUMCVSS 5.0fixed in 7.502004-12-31
CVE-2004-2260 [MEDIUM] CWE-601 CVE-2004-2260: Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clic Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.
nvd
CVE-2011-2621P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2621 [MEDIUM] CVE-2011-2621: Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.
nvd
CVE-2004-0537P4MEDIUMCVSS 5.0≤ 7.502004-08-06
CVE-2004-0537 [MEDIUM] CVE-2004-0537: Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
nvd
CVE-2010-4585P4MEDIUMCVSS 5.0≤ 11.00v5.0+71 more2010-12-22
CVE-2010-4585 [MEDIUM] CVE-2010-4585: Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attac Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update.
nvd
CVE-2011-2640P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2640 [MEDIUM] CWE-399 CVE-2011-2640: Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an H Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.
nvd
CVE-2011-2623P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2623 [MEDIUM] CVE-2011-2623: Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attacke Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.
nvd
CVE-2011-2618P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2618 [MEDIUM] CWE-399 CVE-2011-2618: Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.
nvd
CVE-2011-2620P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2620 [MEDIUM] CVE-2011-2620: Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.
nvd
CVE-2011-2635P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2635 [MEDIUM] CWE-399 CVE-2011-2635: The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cau The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element.
nvd
CVE-2011-2629P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2629 [MEDIUM] CVE-2011-2629: Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.
nvd
CVE-2011-2615P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2615 [MEDIUM] CVE-2011-2615: Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.
nvd
CVE-2005-0235P4MEDIUMCVSS 5.0≤ 7.542005-05-02
CVE-2005-0235 [MEDIUM] CVE-2005-0235: The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain na The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
nvd
CVE-2005-3699P4MEDIUMCVSS 5.0v8.0v8.01+2 more2005-11-21
CVE-2005-3699 [MEDIUM] CVE-2005-3699: Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
nvd
CVE-2009-2540P4MEDIUMCVSS 4.3≤ 9.642009-07-20
CVE-2009-2540 [MEDIUM] CVE-2009-2540: Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consu Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
nvd
CVE-2012-1003P4MEDIUMCVSS 5.0≤ 11.60v5.0+78 more2012-02-07
CVE-2012-1003 [MEDIUM] CWE-189 CVE-2012-1003: Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of se Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a s
nvd
CVE-2011-1337P4MEDIUMCVSS 4.3≤ 11.50v5.0+76 more2011-07-01
CVE-2011-1337 [MEDIUM] CWE-399 CVE-2011-1337: Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via inval Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.
nvd
CVE-2011-3388P4MEDIUMCVSS 4.3≤ 11.50v5.0+75 more2011-09-06
CVE-2011-3388 [MEDIUM] CWE-200 CVE-2011-3388: Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the i
nvd
CVE-2010-4046P4MEDIUMCVSS 4.3≤ 10.62v5.0+69 more2010-10-21
CVE-2010-4046 [MEDIUM] CWE-200 CVE-2010-4046: Opera before 10.63 does not properly verify the origin of video content, which allows remote attacke Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.
nvd
CVE-2010-4043P4MEDIUMCVSS 4.3≤ 10.62v5.0+69 more2010-10-21
CVE-2010-4043 [MEDIUM] CWE-264 CVE-2010-4043: Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet wh Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.
nvd
CVE-2010-4050P4MEDIUMCVSS 4.3≤ 10.62v5.0+69 more2010-10-21
CVE-2010-4050 [MEDIUM] CWE-119 CVE-2010-4050: Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by refer Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.
nvd