Every CVE whose affected-product data names Opera Opera Browser, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2011-2628 — CVSS 10.0 (critical): Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial…
CVE-2011-2610 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2012-4145 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact…
CVE-2009-0916 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2013-3211 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2011-4684 — CVSS 10.0 (critical): Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to…
CVE-2008-4292 — CVSS 10.0 (critical): Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack…
CVE-2007-5476 — CVSS 10.0 (critical): Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly…
CVE-2012-3559 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
CVE-2012-3561 — CVSS 10.0 (critical): Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a…
CVE-2010-4581 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue."
CVE-2011-4683 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2010-2421 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2)…
CVE-2007-6521 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
CVE-2010-4586 — CVSS 10.0 (critical): The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors…
CVE-2010-1349 — CVSS 10.0 (critical): Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which…
CVE-2005-3059 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling…
CVE-2009-4072 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2003-1388 — CVSS 9.3 (critical): Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
CVE-2009-0914 — CVSS 9.3 (critical): Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
CVE-2009-1599 — CVSS 9.3 (critical): Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline…
CVE-2012-6465 — CVSS 9.3 (critical): Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG…
CVE-2011-0682 — CVSS 9.3 (critical): Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2009-3831 — CVSS 9.3 (critical): Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)…
CVE-2010-4587 — CVSS 9.3 (critical): Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for…
CVE-2010-1728 — CVSS 9.3 (critical): Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which…
CVE-2010-2657 — CVSS 9.3 (critical): Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a…
CVE-2010-4045 — CVSS 9.3 (critical): Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote…
CVE-2010-3019 — CVSS 9.3 (critical): Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2010-2666 — CVSS 9.3 (critical): Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory…
CVE-2013-1638 — CVSS 9.3 (critical): Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
CVE-2012-6470 — CVSS 9.3 (critical): Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a…
CVE-2007-0126 — CVSS 9.3 (critical): Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index…
CVE-2007-0127 — CVSS 9.3 (critical): The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which…
CVE-2007-2809 — CVSS 9.3 (critical): Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code…
CVE-2007-3929 — CVSS 9.3 (critical): Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code…
CVE-2007-4367 — CVSS 9.3 (critical): Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an…
CVE-2007-5541 — CVSS 9.3 (critical): Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute…
CVE-2012-3556 — CVSS 9.3 (critical): Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which…
CVE-2008-1762 — CVSS 9.3 (critical): Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled…
CVE-2012-6468 — CVSS 9.3 (critical): Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory…
CVE-2008-4694 — CVSS 9.3 (critical): Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute…
CVE-2008-5680 — CVSS 9.3 (critical): Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow…
CVE-2008-4197 — CVSS 8.8 (high): Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings…
CVE-2007-6523 — CVSS 7.8 (high): Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU…
CVE-2018-18913 — CVSS 7.8 (high): Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an…
CVE-2007-6524 — CVSS 7.8 (high): Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated…
CVE-2007-2274 — CVSS 7.8 (high): The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via…
CVE-2008-3078 — CVSS 7.8 (high): Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read…
CVE-2008-5683 — CVSS 7.8 (high): Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
CVE-2012-3555 — CVSS 7.6 (high): Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted…
CVE-2011-0450 — CVSS 7.6 (high): The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application…
CVE-2003-0870 — CVSS 7.5 (high): Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of…
CVE-2007-1737 — CVSS 7.5 (high): Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote…
CVE-2005-1475 — CVSS 7.5 (high): The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized…
CVE-2004-0717 — CVSS 7.5 (high): Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs…
CVE-2009-3046 — CVSS 7.5 (high): Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to…
CVE-2003-1387 — CVSS 7.5 (high): Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a…
CVE-2005-1139 — CVSS 7.5 (high): Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate…
CVE-2007-5540 — CVSS 7.5 (high): Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the…
CVE-2006-3198 — CVSS 7.5 (high): Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width…
CVE-2005-0233 — CVSS 7.5 (high): The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain…
CVE-2004-1157 — CVSS 7.5 (high): Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one…
CVE-2003-0593 — CVSS 7.5 (high): Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory…
CVE-2005-3750 — CVSS 7.5 (high): Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL…
CVE-2005-0457 — CVSS 7.2 (high): Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting…
CVE-2009-2070 — CVSS 6.8 (medium): Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows…
CVE-2012-1924 — CVSS 6.8 (medium): Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window…
CVE-2012-4143 — CVSS 6.8 (medium): Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick…
CVE-2009-2067 — CVSS 6.8 (medium): Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute…
CVE-2007-1563 — CVSS 6.8 (medium): The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other…
CVE-2007-2022 — CVSS 6.8 (medium): Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain…
CVE-2009-2063 — CVSS 6.8 (medium): Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle…
CVE-2009-2059 — CVSS 6.8 (medium): Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT…
CVE-2012-1925 — CVSS 6.8 (medium): Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote…
CVE-2009-0915 — CVSS 6.8 (medium): Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
CVE-2008-1080 — CVSS 6.8 (medium): Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target…
CVE-2008-1081 — CVSS 6.8 (medium): Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are…
CVE-2003-1396 — CVSS 6.8 (medium): Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute…
CVE-2010-2576 — CVSS 6.8 (medium): Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote…
CVE-2005-1669 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2013-1639 — CVSS 6.8 (medium): Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection…
CVE-2007-0802 — CVSS 6.4 (medium): Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the…
CVE-2011-4682 — CVSS 6.4 (medium): The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same…
CVE-2012-1928 — CVSS 6.4 (medium): Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different…
CVE-2012-1927 — CVSS 6.4 (medium): Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a…
CVE-2008-4200 — CVSS 6.4 (medium): Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to…
CVE-2012-1929 — CVSS 6.4 (medium): Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page…
CVE-2016-6908 — CVSS 6.1 (medium): Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android…
CVE-2016-4075 — CVSS 6.1 (medium): Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank…
CVE-2009-3832 — CVSS 5.8 (medium): Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote…
CVE-2012-1251 — CVSS 5.8 (medium): Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers…
CVE-2007-3142 — CVSS 5.8 (medium): Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a…
CVE-2008-7297 — CVSS 5.8 (medium): Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to…
CVE-2008-4698 — CVSS 5.8 (medium): Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed…
CVE-2009-4071 — CVSS 5.8 (medium): Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read…
CVE-2016-7153 — CVSS 5.3 (medium): The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it…
CVE-2006-1834 — CVSS 5.1 (medium): Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute…
CVE-2005-2407 — CVSS 5.1 (medium): A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window…
CVE-2006-4819 — CVSS 5.1 (medium): Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link…
CVE-2011-2639 — CVSS 5.0 (medium): Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU…
CVE-2004-0537 — CVSS 5.0 (medium): Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the…
CVE-2004-0872 — CVSS 5.0 (medium): Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the…
CVE-2004-1201 — CVSS 5.0 (medium): Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using…
CVE-2004-1491 — CVSS 5.0 (medium): Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a…
CVE-2004-1810 — CVSS 5.0 (medium): The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a…
CVE-2004-2260 — CVSS 5.0 (medium): Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote…
CVE-2004-2570 — CVSS 5.0 (medium): Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary…
CVE-2005-0235 — CVSS 5.0 (medium): The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names…
CVE-2005-0238 — CVSS 5.0 (medium): The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names…
CVE-2005-0456 — CVSS 5.0 (medium): Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured…
CVE-2005-2309 — CVSS 5.0 (medium): Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using…
CVE-2005-2405 — CVSS 5.0 (medium): Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file…
CVE-2005-3006 — CVSS 5.0 (medium): The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow…
CVE-2005-3041 — CVSS 5.0 (medium): Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."
CVE-2005-3699 — CVSS 5.0 (medium): Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link…
CVE-2005-3946 — CVSS 5.0 (medium): Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember…
CVE-2005-4210 — CVSS 5.0 (medium): Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service…
CVE-2005-4718 — CVSS 5.0 (medium): Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content…
CVE-2006-3199 — CVSS 5.0 (medium): Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long…
CVE-2006-3331 — CVSS 5.0 (medium): Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote…
CVE-2006-3353 — CVSS 5.0 (medium): Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access…
CVE-2006-3945 — CVSS 5.0 (medium): The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background…
CVE-2006-6970 — CVSS 5.0 (medium): Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name…
CVE-2007-1377 — CVSS 5.0 (medium): AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of…
CVE-2007-3819 — CVSS 5.0 (medium): Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents…
CVE-2007-4944 — CVSS 5.0 (medium): The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process…
CVE-2008-2714 — CVSS 5.0 (medium): Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text…
CVE-2008-2715 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the…
CVE-2008-2716 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by…
CVE-2008-4195 — CVSS 5.0 (medium): Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame…
CVE-2008-4198 — CVSS 5.0 (medium): Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security…
CVE-2008-4199 — CVSS 5.0 (medium): Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers…
CVE-2008-7245 — CVSS 5.0 (medium): Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a…
CVE-2009-2577 — CVSS 5.0 (medium): Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long…
CVE-2009-3044 — CVSS 5.0 (medium): Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common…
CVE-2009-3045 — CVSS 5.0 (medium): Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to…
CVE-2009-3049 — CVSS 5.0 (medium): Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote…
CVE-2009-3269 — CVSS 5.0 (medium): Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a…
CVE-2010-1310 — CVSS 5.0 (medium): Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached…
CVE-2010-1989 — CVSS 5.0 (medium): Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which…
CVE-2010-1993 — CVSS 5.0 (medium): Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a…
CVE-2010-3020 — CVSS 5.0 (medium): The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions…
CVE-2010-4579 — CVSS 5.0 (medium): Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers…
CVE-2010-4580 — CVSS 5.0 (medium): Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain…
CVE-2010-4582 — CVSS 5.0 (medium): Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass…
CVE-2010-4585 — CVSS 5.0 (medium): Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service…
CVE-2010-5072 — CVSS 5.0 (medium): The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the…
CVE-2011-0684 — CVSS 5.0 (medium): Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain…
CVE-2011-0686 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown…
CVE-2011-2612 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown…
CVE-2011-2613 — CVSS 5.0 (medium): The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a…
CVE-2011-2614 — CVSS 5.0 (medium): The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving…
CVE-2011-2615 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content…
CVE-2011-2616 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown…
CVE-2011-2617 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors…
CVE-2011-2618 — CVSS 5.0 (medium): Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element…
CVE-2011-2619 — CVSS 5.0 (medium): Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, related to the…
CVE-2011-2620 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors…
CVE-2011-2621 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors…
CVE-2011-2622 — CVSS 5.0 (medium): Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service…
CVE-2011-2623 — CVSS 5.0 (medium): Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service…
CVE-2011-2625 — CVSS 5.0 (medium): Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION…
CVE-2011-2626 — CVSS 5.0 (medium): Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC…
CVE-2011-2627 — CVSS 5.0 (medium): Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application…
CVE-2011-2629 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown…
CVE-2011-2631 — CVSS 5.0 (medium): The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows…
CVE-2011-2632 — CVSS 5.0 (medium): Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of…
CVE-2011-2633 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors…
CVE-2011-2634 — CVSS 5.0 (medium): Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.
CVE-2011-2635 — CVSS 5.0 (medium): The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application…
CVE-2011-2636 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown…
CVE-2011-2637 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown…
CVE-2011-2638 — CVSS 5.0 (medium): Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown…
CVE-2011-2640 — CVSS 5.0 (medium): Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty…
CVE-2011-2641 — CVSS 5.0 (medium): Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within…
CVE-2011-4681 — CVSS 5.0 (medium): Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different…
CVE-2011-4685 — CVSS 5.0 (medium): Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web…
CVE-2011-4686 — CVSS 5.0 (medium): Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service…
CVE-2011-4687 — CVSS 5.0 (medium): Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page…
CVE-2011-4690 — CVSS 5.0 (medium): Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts…
CVE-2012-1003 — CVSS 5.0 (medium): Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large…
CVE-2012-1926 — CVSS 5.0 (medium): Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState…
CVE-2012-3557 — CVSS 5.0 (medium): Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of…
CVE-2012-3563 — CVSS 5.0 (medium): Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid…
CVE-2012-3564 — CVSS 5.0 (medium): Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off…
CVE-2012-3565 — CVSS 5.0 (medium): Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as…
CVE-2012-3567 — CVSS 5.0 (medium): Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element…
CVE-2012-3568 — CVSS 5.0 (medium): Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated…
CVE-2012-4010 — CVSS 5.0 (medium): Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than…
CVE-2012-6460 — CVSS 5.0 (medium): Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and…
CVE-2012-6461 — CVSS 5.0 (medium): The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false…
CVE-2012-6462 — CVSS 5.0 (medium): Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to…
CVE-2012-6466 — CVSS 5.0 (medium): Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially…
CVE-2012-6469 — CVSS 5.0 (medium): Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error…
CVE-2012-6471 — CVSS 5.0 (medium): Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
CVE-2013-3210 — CVSS 5.0 (medium): Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive…
CVE-2012-1930 — CVSS 4.6 (medium): Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain…
CVE-2012-6472 — CVSS 4.6 (medium): Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by…