cbcvebase.

Opera Browser vulnerabilities

274 known vulnerabilities affecting opera/opera_browser.

Total CVEs: 274
CISA KEV: 0
Public exploits: 26
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 23, MEDIUM 196, LOW 12

Vulnerabilities

Page 8 of 14
CVE-2010-2658 | P4 | MEDIUM | CVSS 4.3 | ≤ 10.60 | v5.0 +68 more | 2010-07-08
CVE-2010-2658 [MEDIUM] CWE-20: Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.
nvd
CVE-2008-5681 | P4 | MEDIUM | CVSS 4.3 | ≤ 9.62 | v1.00 +71 more | 2008-12-19
CVE-2008-5681 [MEDIUM]: Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.
nvd
CVE-2005-2407 | P4 | MEDIUM | CVSS 5.1 | ≤ 8.01 | 2005-08-01
CVE-2005-2407 [MEDIUM] CWE-1021: A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
nvd
CVE-2004-0473 | P4 | LOW | CVSS 2.6 | fixed in 7.50 | 2004-07-07
CVE-2004-0473 [LOW] CWE-88: Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
nvd
CVE-2010-4580 | P4 | MEDIUM | CVSS 5.0 | ≤ 11.00 | v5.0 +71 more | 2010-12-22
CVE-2010-4580 [MEDIUM] CWE-200: Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site.
nvd
CVE-2008-2715 | P4 | MEDIUM | CVSS 5.0 | ≤ 9.50 | v1.00 +67 more | 2008-06-16
CVE-2008-2715 [MEDIUM] CWE-200: Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
nvd
CVE-2012-6469 | P4 | MEDIUM | CVSS 5.0 | ≤ 12.10 | v1.00 +106 more | 2013-01-02
CVE-2012-6469 [MEDIUM] CWE-200: Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
nvd
CVE-2011-4690 | P4 | MEDIUM | CVSS 5.0 | ≤ 11.60 | 2011-12-07
CVE-2011-4690 [MEDIUM] CWE-264: Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
nvd
CVE-2010-2661 | P4 | MEDIUM | CVSS 4.3 | ≤ 10.53 | v5.0 +68 more | 2010-07-08
CVE-2010-2661 [MEDIUM] CWE-264: Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.
nvd
CVE-2010-2662 | P4 | MEDIUM | CVSS 4.3 | ≤ 10.60 | v5.0 +68 more | 2010-07-08
CVE-2010-2662 [MEDIUM] CWE-264: Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."
nvd
CVE-2009-3048 | P4 | MEDIUM | CVSS 4.3 | ≤ 10.00 | v1.00 +75 more | 2009-09-02
CVE-2009-3048 [MEDIUM] CWE-20: Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
nvd
CVE-2005-0457 | P4 | HIGH | CVSS 7.2 | ≤ 7.54 | 2005-05-02
CVE-2005-0457 [HIGH] CWE-427: Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory.
nvd
CVE-2013-1618 | P4 | MEDIUM | CVSS 4.0 | ≤ 12.12 | v12.00 +4 more | 2013-02-08
CVE-2013-1618 [MEDIUM]: The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
nvd
CVE-2009-4071 | P4 | MEDIUM | CVSS 5.8 | ≤ 10.10 | v7.0 +26 more | 2009-11-24
CVE-2009-4071 [MEDIUM] CWE-16: Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
nvd
CVE-2008-4199 | P4 | MEDIUM | CVSS 5.0 | ≤ 9.51 | v5.0 +52 more | 2008-09-27
CVE-2008-4199 [MEDIUM] CWE-200: Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
nvd
CVE-2008-4198 | P4 | MEDIUM | CVSS 5.0 | ≤ 9.51 | v5.0 +52 more | 2008-09-27
CVE-2008-4198 [MEDIUM]: Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.
nvd
CVE-2010-1993 | P4 | MEDIUM | CVSS 5.0 | v9.52 | 2010-05-20
CVE-2010-1993 [MEDIUM] CWE-399: Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
nvd
CVE-2011-2616 | P4 | MEDIUM | CVSS 5.0 | ≤ 11.50 | v5.0 +76 more | 2011-07-01
CVE-2011-2616 [MEDIUM]: Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.
nvd
CVE-2011-2632 | P4 | MEDIUM | CVSS 5.0 | ≤ 11.10 | v5.0 +74 more | 2011-07-01
CVE-2011-2632 [MEDIUM] CWE-20: Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl.
nvd
CVE-2009-3269 | P4 | MEDIUM | CVSS 5.0 | ≤ 9.52 | v1.00 +68 more | 2009-09-18
CVE-2009-3269 [MEDIUM]: Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.
nvd