cbcvebase.

Opera Browser vulnerabilities

274 known vulnerabilities affecting opera/opera_browser.

Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12

Vulnerabilities

Page 2 of 14
CVE-2007-5541P3CRITICALCVSS 9.3≤ 9.23v1.00+61 more2007-10-18
CVE-2007-5541 [CRITICAL] CWE-20 CVE-2007-5541: Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.
nvd
CVE-2007-6521P3CRITICALCVSS 10.0≤ 9.24v1.00+62 more2007-12-24
CVE-2007-6521 [CRITICAL] CWE-310 CVE-2007-6521: Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
nvd
CVE-2009-0914P3CRITICALCVSS 9.3≤ 9.63v1.00+72 more2009-03-16
CVE-2009-0914 [CRITICAL] CWE-399 CVE-2009-0914: Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that tr Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
nvd
CVE-2012-6468P3CRITICALCVSS 9.3≤ 12.10v1.00+106 more2013-01-02
CVE-2012-6468 [CRITICAL] CWE-119 CVE-2012-6468: Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code o Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
nvd
CVE-2008-7245P4MEDIUMCVSS 5.0PoC≤ 9.52v5.0+53 more2009-09-18
CVE-2008-7245 [MEDIUM] CWE-399 CVE-2008-7245: Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by ca Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
nvd
CVE-2008-4197P3HIGHCVSS 8.8fixed in 9.522008-09-27
CVE-2008-4197 [HIGH] CWE-908 CVE-2008-4197: Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
nvd
CVE-2011-2641P4MEDIUMCVSS 5.0PoCv11.112011-07-01
CVE-2011-2641 [MEDIUM] CWE-399 CVE-2011-2641: Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
nvd
CVE-2010-2666P3CRITICALCVSS 9.3≤ 10.53v5.0+62 more2010-07-08
CVE-2010-2666 [CRITICAL] CWE-264 CVE-2010-2666: Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for wid Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
nvd
CVE-2010-2657P3CRITICALCVSS 9.3fixed in 10.602010-07-08
CVE-2010-2657 [CRITICAL] CWE-264 CVE-2010-2657: Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
nvd
CVE-2008-4725P4MEDIUMCVSS 4.3PoCv9.522008-10-23
CVE-2008-4725 [MEDIUM] CVE-2008-4725: Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to injec Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.
nvd
CVE-2006-3353P4MEDIUMCVSS 5.0PoCfixed in 9.012006-07-06
CVE-2006-3353 [MEDIUM] CWE-119 CVE-2006-3353: Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that tri Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.
nvd
CVE-2006-3199P4MEDIUMCVSS 5.0PoCv9.02006-06-23
CVE-2006-3199 [MEDIUM] CWE-119 CVE-2006-3199: Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attri Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.
nvd
CVE-2012-3561P3CRITICALCVSS 10.0≤ 11.62v5.0+79 more2012-06-14
CVE-2012-3561 [CRITICAL] CWE-119 CVE-2012-3561: Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
nvd
CVE-2010-3019P3CRITICALCVSS 9.3≤ 10.60v1.00+85 more2010-08-16
CVE-2010-3019 [CRITICAL] CWE-119 CVE-2010-3019: Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code o Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
nvd
CVE-2007-0127P3CRITICALCVSS 9.3≤ 9.02v1.00+55 more2007-01-09
CVE-2007-0127 [CRITICAL] CWE-94 CVE-2007-0127: The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createS The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
nvd
CVE-2012-4145P3CRITICALCVSS 10.0≤ 12.00v12.00+26 more2012-08-06
CVE-2012-4145 [CRITICAL] CVE-2012-4145: Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befor Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."
nvd
CVE-2012-6465P3CRITICALCVSS 9.3≤ 12.10v1.00+105 more2013-01-02
CVE-2012-6465 [CRITICAL] CWE-94 CVE-2012-6465: Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (a Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
nvd
CVE-2011-0450P3HIGHCVSS 7.6≤ 11.00v5.0+72 more2011-01-31
CVE-2011-0450 [HIGH] CVE-2011-0450: The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of t The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.
nvd
CVE-2011-0682P3CRITICALCVSS 9.3≤ 11.00v5.0+72 more2011-01-31
CVE-2011-0682 [CRITICAL] CWE-119 CVE-2011-0682: Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbit Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
nvd
CVE-2005-4718P4MEDIUMCVSS 5.0PoC≤ 8.022005-12-31
CVE-2005-4718 [MEDIUM] CVE-2005-4718: Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.
nvd