Filtered by vendor Opera
Subscriptions
Filtered by product Opera Browser
Subscriptions
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4200 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker. | ||||
| CVE-2009-2351 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected. | ||||
| CVE-2008-4698 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. | ||||
| CVE-2006-4819 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). | ||||
| CVE-2008-5682 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | ||||
| CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | ||||
| CVE-2007-6522 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. | ||||
| CVE-2007-6523 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. | ||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | ||||
| CVE-2009-3013 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | ||||
| CVE-2008-7245 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | ||||
| CVE-2007-2809 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. | ||||
| CVE-2009-0916 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." | ||||
| CVE-2009-4071 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2009-2059 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||||
| CVE-2008-4725 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. | ||||
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | ||||
| CVE-2007-2022 | 3 Adobe, Opera, Redhat | 3 Flash Player, Opera Browser, Enterprise Linux | 2025-04-09 | N/A |
| Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||||
| CVE-2008-4694 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL. | ||||