Opera : Security Vulnerabilities, CVEs, Published In 2009 CVSS score >= 6
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
Max CVSS
10.0
EPSS Score
0.77%
Published
2009-11-24
Updated
2018-10-30
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
Max CVSS
9.3
EPSS Score
3.86%
Published
2009-10-30
Updated
2022-03-01
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.
Max CVSS
7.5
EPSS Score
0.27%
Published
2009-09-02
Updated
2024-02-09
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
Max CVSS
6.8
EPSS Score
0.13%
Published
2009-06-15
Updated
2012-06-07
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Max CVSS
6.8
EPSS Score
0.15%
Published
2009-06-15
Updated
2018-10-30
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
Max CVSS
6.8
EPSS Score
0.17%
Published
2009-06-15
Updated
2017-08-17
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Max CVSS
6.8
EPSS Score
0.18%
Published
2009-06-15
Updated
2018-10-30
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
Max CVSS
9.3
EPSS Score
0.37%
Published
2009-05-11
Updated
2018-10-30
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
Max CVSS
10.0
EPSS Score
1.05%
Published
2009-03-16
Updated
2012-06-07
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
Max CVSS
6.8
EPSS Score
1.53%
Published
2009-03-16
Updated
2022-03-01
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
Max CVSS
9.3
EPSS Score
4.02%
Published
2009-03-16
Updated
2017-09-29
11 vulnerabilities found