cbcvebase.

Opera Browser vulnerabilities

274 known vulnerabilities affecting opera/opera_browser.

Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12

Vulnerabilities

Page 9 of 14
CVE-2005-3006P4MEDIUMCVSS 5.0≤ 8.02v1.00+47 more2005-09-21
CVE-2005-3006 [MEDIUM] CVE-2005-3006: The mail client in Opera before 8.50 opens attached files from the user's cache directory without wa The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.
nvd
CVE-2010-5072P4MEDIUMCVSS 5.0v10.502011-12-07
CVE-2010-5072 [MEDIUM] CWE-264 CVE-2010-5072: The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained i The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
nvd
CVE-2012-3564P4MEDIUMCVSS 5.0≤ 11.65v5.0+81 more2012-06-14
CVE-2012-3564 [MEDIUM] CVE-2012-3564: Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.
nvd
CVE-2010-2665P4MEDIUMCVSS 4.3≤ 10.53v5.0+66 more2010-07-08
CVE-2010-2665 [MEDIUM] CWE-79 CVE-2010-2665: Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 1 Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."
nvd
CVE-2013-4705P4MEDIUMCVSS 4.3≤ 15.00v1.00+111 more2013-09-13
CVE-2013-4705 [MEDIUM] CWE-79 CVE-2013-4705: Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arb Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.
nvd
CVE-2011-2609P4MEDIUMCVSS 4.3≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2609 [MEDIUM] CWE-79 CVE-2011-2609: Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
nvd
CVE-2012-4144P4MEDIUMCVSS 4.3≤ 12.00v12.00+26 more2012-08-06
CVE-2012-4144 [MEDIUM] CWE-79 CVE-2012-4144: Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.
nvd
CVE-2012-4142P4MEDIUMCVSS 4.3≤ 12.00v12.00+26 more2012-08-06
CVE-2012-4142 [MEDIUM] CWE-79 CVE-2012-4142: Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
nvd
CVE-2014-1870P4MEDIUMCVSS 4.3≤ 18.00v1.00+41 more2014-02-06
CVE-2014-1870 [MEDIUM] CVE-2014-1870: Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vecto Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.
nvd
CVE-2011-2617P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2617 [MEDIUM] CVE-2011-2617: Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.
nvd
CVE-2011-2626P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2626 [MEDIUM] CWE-399 CVE-2011-2626: Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.
nvd
CVE-2007-4944P4MEDIUMCVSS 5.0v9.0v9.01+5 more2007-09-18
CVE-2007-4944 [MEDIUM] CVE-2007-4944: The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.
nvd
CVE-2008-2714P4MEDIUMCVSS 5.0≤ 9.25v1.00+63 more2008-06-16
CVE-2008-2714 [MEDIUM] CVE-2008-2714: Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characte Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."
nvd
CVE-2009-2577P4MEDIUMCVSS 5.0≤ 9.52v7.0+21 more2009-07-22
CVE-2009-2577 [MEDIUM] CVE-2009-2577: Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumpt Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
nvd
CVE-2012-3567P4MEDIUMCVSS 5.0≤ 11.65v5.0+81 more2012-06-14
CVE-2012-3567 [MEDIUM] CVE-2012-3567: Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.
nvd
CVE-2010-1310P4MEDIUMCVSS 5.0v10.502010-04-08
CVE-2010-1310 [MEDIUM] CWE-200 CVE-2010-1310: Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, whi Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.
nvd
CVE-2009-3266P4MEDIUMCVSS 4.3v5.0v5.02+65 more2009-09-18
CVE-2009-3266 [MEDIUM] CWE-79 CVE-2009-3266: Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remot Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml c
nvd
CVE-2012-3560P4MEDIUMCVSS 4.3≤ 11.64v5.0+80 more2012-06-14
CVE-2012-3560 [MEDIUM] CWE-264 CVE-2012-3560: Opera before 11.65 does not ensure that the address field corresponds to the displayed web page duri Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
nvd
CVE-2009-3047P4MEDIUMCVSS 4.3≤ 10.00v7.0+23 more2009-09-02
CVE-2009-3047 [MEDIUM] CVE-2009-3047: Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name f Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
nvd
CVE-2011-0683P4MEDIUMCVSS 4.3≤ 11.00v5.0+72 more2011-01-31
CVE-2011-0683 [MEDIUM] CWE-264 CVE-2011-0683: Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remo Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
nvd