Opera : Security Vulnerabilities, CVEs, Published In 2013 CVSS score >= 5
Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
Max CVSS
10.0
EPSS Score
0.19%
Published
2013-04-19
Updated
2013-04-22
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
Max CVSS
5.0
EPSS Score
0.14%
Published
2013-04-19
Updated
2013-04-22
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
Max CVSS
6.8
EPSS Score
0.16%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
Max CVSS
9.3
EPSS Score
91.42%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
Max CVSS
9.3
EPSS Score
5.46%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
Max CVSS
5.0
EPSS Score
0.14%
Published
2013-01-02
Updated
2013-01-02
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
Max CVSS
9.3
EPSS Score
5.86%
Published
2013-01-02
Updated
2013-01-02
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
Max CVSS
5.0
EPSS Score
0.31%
Published
2013-01-02
Updated
2015-10-08
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
Max CVSS
9.3
EPSS Score
3.41%
Published
2013-01-02
Updated
2015-10-08
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
Max CVSS
5.0
EPSS Score
0.14%
Published
2013-01-02
Updated
2013-01-02
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
Max CVSS
9.3
EPSS Score
1.03%
Published
2013-01-02
Updated
2013-01-02
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
Max CVSS
5.0
EPSS Score
0.11%
Published
2013-01-02
Updated
2013-01-02
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.
Max CVSS
5.0
EPSS Score
0.14%
Published
2013-01-02
Updated
2013-01-02
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
Max CVSS
5.0
EPSS Score
0.17%
Published
2013-01-02
Updated
2013-01-02
14 vulnerabilities found