cbcvebase.

Opera Browser vulnerabilities

274 known vulnerabilities affecting opera/opera_browser.

Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12

Vulnerabilities

Page 7 of 14
CVE-2012-6461P4MEDIUMCVSS 5.0≤ 12.10v1.00+105 more2013-01-02
CVE-2012-6461 [MEDIUM] CWE-20 CVE-2012-6461: The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 all The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.
nvd
CVE-2011-0684P4MEDIUMCVSS 5.0≤ 11.00v5.0+72 more2011-01-31
CVE-2011-0684 [MEDIUM] CWE-20 CVE-2011-0684: Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.
nvd
CVE-2007-3819P4MEDIUMCVSS 5.0v9.212007-07-17
CVE-2007-3819 [MEDIUM] CVE-2007-3819: Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI w Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
nvd
CVE-2010-4579P4MEDIUMCVSS 5.0≤ 11.00v5.0+71 more2010-12-22
CVE-2010-4579 [MEDIUM] CVE-2010-4579: Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog.
nvd
CVE-2013-3210P4MEDIUMCVSS 5.0≤ 12.14v3.00+108 more2013-04-19
CVE-2013-3210 [MEDIUM] CWE-200 CVE-2013-3210: Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows rem Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
nvd
CVE-2018-6608P4MEDIUMCVSS 4.3v51.0.2830.552018-03-28
CVE-2018-6608 [MEDIUM] CWE-200 CVE-2018-6608: In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather com In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
nvd
CVE-2006-6970P4MEDIUMCVSS 5.0v9.102007-02-07
CVE-2006-6970 [MEDIUM] CWE-264 CVE-2006-6970: Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.
nvd
CVE-2012-4010P4MEDIUMCVSS 5.0≤ 11.60v5.0+77 more2012-08-30
CVE-2012-4010 [MEDIUM] CVE-2012-4010: Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph charac Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.
nvd
CVE-2005-1669P4MEDIUMCVSS 6.8fixed in 8.012005-06-16
CVE-2005-1669 [MEDIUM] CWE-79 CVE-2005-1669: Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to in Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
nvd
CVE-2006-3331P4MEDIUMCVSS 5.0fixed in 9.02006-06-30
CVE-2006-3331 [MEDIUM] CVE-2006-3331: Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL- Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
nvd
CVE-2004-2570P4MEDIUMCVSS 5.0fixed in 7.542004-12-31
CVE-2004-2570 [MEDIUM] CWE-74 CVE-2004-2570: Opera before 7.54 allows remote attackers to modify properties and methods of the location object an Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.
nvd
CVE-2008-2716P4MEDIUMCVSS 5.0fixed in 9.52008-06-16
CVE-2008-2716 [MEDIUM] CWE-1021 CVE-2008-2716: Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trust Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.
nvd
CVE-2011-4687P4MEDIUMCVSS 5.0≤ 11.60v5.0+77 more2011-12-07
CVE-2011-4687 [MEDIUM] CWE-399 CVE-2011-4687: Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.
nvd
CVE-2011-2639P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2639 [MEDIUM] CWE-399 CVE-2011-2639: Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attacker Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.
nvd
CVE-2011-2631P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2631 [MEDIUM] CWE-20 CVE-2011-2631: The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the c The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.
nvd
CVE-2012-3557P4MEDIUMCVSS 5.0≤ 11.62v5.0+79 more2012-06-14
CVE-2012-3557 [MEDIUM] CWE-264 CVE-2012-3557: Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attac Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
nvd
CVE-2009-3044P4MEDIUMCVSS 5.0≤ 10.00v1.00+70 more2009-09-02
CVE-2009-3044 [MEDIUM] CWE-310 CVE-2009-3044: Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character i Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
nvd
CVE-2011-0681P4MEDIUMCVSS 4.3≤ 11.00v5.0+72 more2011-01-31
CVE-2011-0681 [MEDIUM] CVE-2011-0681: The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.
nvd
CVE-2010-2660P4MEDIUMCVSS 4.3≤ 10.53v5.0+68 more2010-07-08
CVE-2010-2660 [MEDIUM] CWE-264 CVE-2010-2660: Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly re Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.
nvd
CVE-2010-4044P4MEDIUMCVSS 4.3≤ 10.62v5.0+69 more2010-10-21
CVE-2010-4044 [MEDIUM] CWE-20 CVE-2010-4044: Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the b Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.
nvd
Opera Browser vulnerabilities | cvebase