Filtered by vendor Opera
Subscriptions
Filtered by product Opera Browser
Subscriptions
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4045 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context. | ||||
| CVE-2011-2641 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value. | ||||
| CVE-2008-7297 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | ||||
| CVE-2010-4048 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. | ||||
| CVE-2011-4682 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites. | ||||
| CVE-2011-4683 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue." | ||||
| CVE-2010-4049 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document. | ||||
| CVE-2011-4686 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | ||||
| CVE-2011-4690 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | ||||
| CVE-2012-1003 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a security issue." | ||||
| CVE-2010-4580 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. | ||||
| CVE-2010-4582 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2012-1927 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. | ||||
| CVE-2012-1928 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain. | ||||
| CVE-2010-4581 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue." | ||||
| CVE-2012-1931 | 2 Opera, Unix | 2 Opera Browser, Unix | 2025-04-11 | N/A |
| Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. | ||||
| CVE-2012-3555 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue. | ||||
| CVE-2012-3556 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site. | ||||
| CVE-2010-4583 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site. | ||||
| CVE-2010-5068 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | ||||