Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
0.61%
Published
2008-07-09
Updated
2017-08-08
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.
Max CVSS
10.0
EPSS Score
0.89%
Published
2008-09-27
Updated
2017-08-08
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.
Max CVSS
10.0
EPSS Score
8.06%
Published
2008-09-27
Updated
2017-08-08
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
Max CVSS
9.3
EPSS Score
2.12%
Published
2008-04-12
Updated
2017-08-08
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
9.20%
Published
2008-04-12
Updated
2017-08-08
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
Max CVSS
9.3
EPSS Score
0.67%
Published
2008-04-12
Updated
2017-08-08
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
Max CVSS
9.3
EPSS Score
8.25%
Published
2008-09-27
Updated
2024-02-15
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
Max CVSS
9.3
EPSS Score
28.99%
Published
2008-10-23
Updated
2017-08-08
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.
Max CVSS
9.3
EPSS Score
11.04%
Published
2008-10-23
Updated
2017-08-08
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
Max CVSS
9.3
EPSS Score
10.55%
Published
2008-10-30
Updated
2017-08-08
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
Max CVSS
9.3
EPSS Score
47.35%
Published
2008-11-20
Updated
2017-10-19
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
Max CVSS
9.3
EPSS Score
3.83%
Published
2008-12-19
Updated
2018-10-11
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
Max CVSS
9.3
EPSS Score
10.43%
Published
2008-12-19
Updated
2018-10-11
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.
Max CVSS
7.8
EPSS Score
0.75%
Published
2008-07-09
Updated
2017-08-08
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
Max CVSS
7.8
EPSS Score
0.47%
Published
2008-12-19
Updated
2012-06-07
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.
Max CVSS
6.8
EPSS Score
1.69%
Published
2008-02-29
Updated
2012-06-07
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
Max CVSS
6.8
EPSS Score
1.75%
Published
2008-02-29
Updated
2012-06-07
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
Max CVSS
6.8
EPSS Score
0.68%
Published
2008-07-14
Updated
2017-08-08
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.
Max CVSS
6.4
EPSS Score
0.55%
Published
2008-09-27
Updated
2017-08-08
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.
Max CVSS
5.8
EPSS Score
0.72%
Published
2008-10-23
Updated
2017-08-08
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."
Max CVSS
5.0
EPSS Score
0.45%
Published
2008-06-16
Updated
2017-08-08
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
Max CVSS
5.0
EPSS Score
0.71%
Published
2008-06-16
Updated
2017-08-08
Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.
Max CVSS
5.0
EPSS Score
0.57%
Published
2008-06-16
Updated
2022-03-01
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.
Max CVSS
5.0
EPSS Score
0.60%
Published
2008-09-27
Updated
2017-08-08
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.
Max CVSS
5.0
EPSS Score
0.82%
Published
2008-09-27
Updated
2017-08-08
35 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!