cbcvebase.

Opera Browser vulnerabilities

274 known vulnerabilities affecting opera/opera_browser.

Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12

Vulnerabilities

Page 3 of 14
CVE-2012-3556P3CRITICALCVSS 9.3≤ 11.62v5.0+79 more2012-06-14
CVE-2012-3556 [CRITICAL] CWE-20 CVE-2012-3556: Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the firs Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
nvd
CVE-2009-3831P3CRITICALCVSS 9.3fixed in 10.012009-10-30
CVE-2009-3831 [CRITICAL] CWE-787 CVE-2009-3831: Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (m Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
nvd
CVE-2009-1234P4MEDIUMCVSS 4.3PoCv9.52v9.642009-04-02
CVE-2009-1234 [MEDIUM] CWE-20 CVE-2009-1234: Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML docum Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
nvd
CVE-2010-1728P3CRITICALCVSS 9.3≤ 10.52v5.0+56 more2010-05-06
CVE-2010-1728 [CRITICAL] CVE-2010-1728: Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modificatio Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might
nvd
CVE-2007-2809P3CRITICALCVSS 9.3fixed in 9.212007-05-22
CVE-2007-2809 [CRITICAL] CVE-2007-2809: Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.
nvd
CVE-2005-3750P3HIGHCVSS 7.5fixed in 8.512005-11-22
CVE-2005-3750 [HIGH] CWE-74 CVE-2005-3750: Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via sh Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.
nvd
CVE-2006-3198P3HIGHCVSS 7.5≤ 8.5.42006-06-23
CVE-2006-3198 [HIGH] CWE-190 CVE-2006-3198: Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a J Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended.
nvd
CVE-2007-3929P3CRITICALCVSS 9.3fixed in 9.222007-07-21
CVE-2007-3929 [CRITICAL] CWE-416 CVE-2007-3929: Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted rem Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.
nvd
CVE-2010-4045P3CRITICALCVSS 9.3≤ 10.62v5.0+69 more2010-10-21
CVE-2010-4045 [CRITICAL] CWE-264 CVE-2010-4045: Opera before 10.63 does not properly restrict web script in unspecified circumstances involving relo Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or
nvd
CVE-2010-4586P3CRITICALCVSS 10.0≤ 11.00v5.0+71 more2010-12-22
CVE-2010-4586 [CRITICAL] CVE-2010-4586: The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecif The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.
nvd
CVE-2007-5476P3CRITICALCVSS 10.0≤ 9.23v1.00+61 more2007-10-18
CVE-2007-5476 [CRITICAL] CVE-2007-5476: Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9 Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
nvd
CVE-2003-1397P4MEDIUMCVSS 4.3PoCv6.05v7.0+1 more2003-12-31
CVE-2003-1397 [MEDIUM] CWE-119 CVE-2003-1397: The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
nvd
CVE-2005-0233P4HIGHCVSS 7.5≤ 7.542005-02-08
CVE-2005-0233 [HIGH] CVE-2005-0233: The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 al The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
nvd
CVE-2013-3211P3CRITICALCVSS 10.0≤ 12.14v1.00+110 more2013-04-19
CVE-2013-3211 [CRITICAL] CVE-2013-3211: Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
nvd
CVE-2010-4587P3CRITICALCVSS 9.3≤ 11.00v5.0+71 more2010-12-22
CVE-2010-4587 [CRITICAL] CVE-2010-4587: Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning me Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.
nvd
CVE-2010-2421P3CRITICALCVSS 10.0≤ 10.53v5.0+65 more2010-06-22
CVE-2010-2421 [CRITICAL] CVE-2010-2421: Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors re Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.
nvd
CVE-2012-3559P3CRITICALCVSS 10.0≤ 12.00v6.0+57 more2012-06-14
CVE-2012-3559 [CRITICAL] CVE-2012-3559: Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, r Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
nvd
CVE-2012-3555P3HIGHCVSS 7.6≤ 11.62v5.0+79 more2012-06-14
CVE-2012-3555 [HIGH] CVE-2012-3555: Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, whi Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
nvd
CVE-2007-5540P3HIGHCVSS 7.5≤ 9.23v1.00+61 more2007-10-18
CVE-2007-5540 [HIGH] CWE-20 CVE-2007-5540: Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pag Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
nvd
CVE-2008-4292P3CRITICALCVSS 10.0≤ 9.51v5.0+52 more2008-09-27
CVE-2008-4292 [CRITICAL] CWE-255 CVE-2008-4292: Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.
nvd
Opera Browser vulnerabilities | cvebase