CVEdetails.com the ultimate security vulnerability data source

Opera » Opera Browser : Security Vulnerabilities (CVSS score >= 9)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2013-3211 2013-04-19 2013-04-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
2 CVE-2013-1638 94 Exec Code 2013-02-08 2013-02-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
3 CVE-2013-1637 94 Exec Code 2013-02-08 2013-02-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
4 CVE-2012-6470 119 DoS Exec Code Overflow 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
5 CVE-2012-6468 119 DoS Exec Code Overflow Mem. Corr. 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
6 CVE-2012-6465 94 DoS Exec Code 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
7 CVE-2012-4145 2012-08-06 2012-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."
8 CVE-2012-3561 119 DoS Exec Code Overflow Mem. Corr. 2012-06-14 2012-08-13
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
9 CVE-2012-3559 2012-06-14 2012-08-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
10 CVE-2012-3556 20 Exec Code XSS 2012-06-14 2012-06-15
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
11 CVE-2011-4684 310 2011-12-07 2012-03-06
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
12 CVE-2011-4683 2011-12-07 2012-03-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."
13 CVE-2011-2628 20 DoS Exec Code Mem. Corr. 2011-07-01 2012-02-13
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
14 CVE-2011-2610 2011-07-01 2011-09-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
15 CVE-2011-0682 119 DoS Exec Code Overflow Mem. Corr. 2011-01-31 2011-08-26
9.3
None Remote Medium Not required Complete Complete Complete
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
16 CVE-2010-4587 2010-12-21 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.
17 CVE-2010-4586 16 2010-12-21 2011-01-22
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.
18 CVE-2010-4581 2010-12-21 2011-01-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue."
19 CVE-2010-4045 264 Exec Code XSS 2010-10-21 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
20 CVE-2010-3019 119 DoS Exec Code Overflow 2010-08-16 2012-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
21 CVE-2010-2666 264 Exec Code 2010-07-08 2013-08-03
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
22 CVE-2010-2657 264 Exec Code Bypass 2010-07-08 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
23 CVE-2010-2421 2010-06-22 2010-08-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.
24 CVE-2010-1728 399 DoS Exec Code 2010-05-06 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
25 CVE-2010-1349 189 1 Exec Code Overflow 2010-04-12 2010-04-13
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
26 CVE-2009-4072 2009-11-24 2010-08-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
27 CVE-2009-3831 94 DoS Exec Code Mem. Corr. 2009-10-30 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
28 CVE-2009-1599 264 Bypass 2009-05-11 2009-05-12
9.3
None Remote Medium Not required Complete Complete Complete
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
29 CVE-2009-0916 2009-03-16 2012-06-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
30 CVE-2009-0914 399 Exec Code Mem. Corr. 2009-03-16 2012-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
31 CVE-2008-5680 119 Exec Code Overflow 2008-12-19 2012-06-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
32 CVE-2008-4694 59 DoS Exec Code 2008-10-23 2011-02-01
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
33 CVE-2008-4292 255 2008-09-27 2011-02-01
10.0
Admin Remote Low Not required Complete Complete Complete
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.
34 CVE-2008-4197 399 Exec Code 2008-09-27 2009-09-01
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
35 CVE-2008-1762 399 DoS Exec Code Mem. Corr. 2008-04-12 2011-08-25
9.3
Admin Remote Medium Not required Complete Complete Complete
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
36 CVE-2007-6521 310 Exec Code 2007-12-24 2012-06-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
37 CVE-2007-5541 20 Exec Code 2007-10-17 2012-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.
Total number of vulnerabilities: 37