CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opera » Opera Browser : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-3210 200 +Info 2013-04-19 2013-04-22
5.0
None Remote Low Not required Partial None None
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
2 CVE-2012-6471 2013-01-02 2013-01-02
5.0
None Remote Low Not required None Partial None
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
3 CVE-2012-6469 200 +Info 2013-01-02 2013-01-02
5.0
None Remote Low Not required Partial None None
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
4 CVE-2012-6466 200 +Info 2013-01-02 2013-01-02
5.0
None Remote Low Not required Partial None None
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
5 CVE-2012-6462 264 Bypass 2013-01-02 2013-01-02
5.0
None Remote Low Not required Partial None None
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
6 CVE-2012-6461 20 2013-01-02 2013-01-02
5.0
None Remote Low Not required None Partial None
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.
7 CVE-2012-6460 2013-01-02 2013-01-02
5.0
None Remote Low Not required None Partial None
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
8 CVE-2012-4010 2012-08-30 2012-09-13
5.0
None Remote Low Not required None Partial None
Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.
9 CVE-2012-3568 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
10 CVE-2012-3567 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.
11 CVE-2012-3565 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."
12 CVE-2012-3564 DoS Overflow 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.
13 CVE-2012-3563 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
14 CVE-2012-3557 264 +Info 2012-06-14 2012-06-15
5.0
None Remote Low Not required Partial None None
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
15 CVE-2012-1926 200 Bypass +Info 2012-03-27 2012-04-16
5.0
None Remote Low Not required Partial None None
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
16 CVE-2012-1251 310 +Info 2012-06-04 2014-03-05
5.8
None Remote Medium Not required Partial Partial None
Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
17 CVE-2012-1003 189 DoS Overflow 2012-02-06 2012-02-13
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a security issue."
18 CVE-2011-4690 264 2011-12-07 2012-03-06
5.0
None Remote Low Not required Partial None None
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
19 CVE-2011-4687 399 DoS 2011-12-07 2012-03-06
5.0
None Remote Low Not required None None Partial
Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.
20 CVE-2011-4686 DoS 2011-12-07 2012-03-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
21 CVE-2011-4685 20 DoS 2011-12-07 2012-03-06
5.0
None Remote Low Not required None None Partial
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
22 CVE-2011-4681 264 Bypass 2011-12-07 2012-03-06
5.0
None Remote Low Not required None Partial None
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.
23 CVE-2011-2641 399 1 DoS 2011-07-01 2011-07-05
5.0
None Remote Low Not required None None Partial
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
24 CVE-2011-2640 399 DoS 2011-07-01 2011-09-06
5.0
None Remote Low Not required None None Partial
Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.
25 CVE-2011-2639 399 DoS 2011-07-01 2011-07-05
5.0
None Remote Low Not required None None Partial
Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.
26 CVE-2011-2638 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.
27 CVE-2011-2637 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.
28 CVE-2011-2636 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.
29 CVE-2011-2635 399 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element.
30 CVE-2011-2634 20 2011-07-01 2011-07-08
5.0
None Remote Low Not required None Partial None
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.
31 CVE-2011-2633 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file.
32 CVE-2011-2632 20 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl.
33 CVE-2011-2631 20 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.
34 CVE-2011-2629 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.
35 CVE-2011-2627 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.
36 CVE-2011-2626 399 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.
37 CVE-2011-2625 399 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.
38 CVE-2011-2623 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.
39 CVE-2011-2622 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
40 CVE-2011-2621 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.
41 CVE-2011-2620 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.
42 CVE-2011-2619 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, related to the implementation of CANVAS elements, SVG, and Cascading Style Sheets (CSS).
43 CVE-2011-2618 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.
44 CVE-2011-2617 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.
45 CVE-2011-2616 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.
46 CVE-2011-2615 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.
47 CVE-2011-2614 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.
48 CVE-2011-2613 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.
49 CVE-2011-2612 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.
50 CVE-2011-0686 DoS 2011-01-31 2011-07-18
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
Total number of vulnerabilities : 82   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.