The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Max CVSS: 5.3 | EPSS Score: 0.51% | Published: 2016-09-06 | Updated: 2017-02-19
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
Max CVSS: 5.0 | EPSS Score: 0.14% | Published: 2013-04-19 | Updated: 2013-04-22
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
Max CVSS: 5.0 | EPSS Score: 0.14% | Published: 2013-01-02 | Updated: 2013-01-02
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2013-01-02 | Updated: 2015-10-08
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
Max CVSS: 5.0 | EPSS Score: 0.14% | Published: 2013-01-02 | Updated: 2013-01-02
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
Max CVSS: 5.0 | EPSS Score: 0.11% | Published: 2013-01-02 | Updated: 2013-01-02
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.
Max CVSS: 5.0 | EPSS Score: 0.14% | Published: 2013-01-02 | Updated: 2013-01-02
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
Max CVSS: 5.0 | EPSS Score: 0.17% | Published: 2013-01-02 | Updated: 2013-01-02
Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.
Max CVSS: 5.0 | EPSS Score: 0.20% | Published: 2012-08-30 | Updated: 2012-09-13
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
Max CVSS: 5.0 | EPSS Score: 0.26% | Published: 2012-06-14 | Updated: 2017-08-29
Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.
Max CVSS: 5.0 | EPSS Score: 0.26% | Published: 2012-06-14 | Updated: 2017-08-29
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."
Max CVSS: 5.0 | EPSS Score: 0.26% | Published: 2012-06-14 | Updated: 2017-08-29
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.
Max CVSS: 5.0 | EPSS Score: 0.26% | Published: 2012-06-14 | Updated: 2017-08-29
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
Max CVSS: 5.0 | EPSS Score: 0.24% | Published: 2012-06-14 | Updated: 2017-08-29
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
Max CVSS: 5.0 | EPSS Score: 0.19% | Published: 2012-06-14 | Updated: 2012-06-15
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
Max CVSS: 5.0 | EPSS Score: 0.87% | Published: 2012-03-28 | Updated: 2018-01-06
Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS: 5.8 | EPSS Score: 0.08% | Published: 2012-06-04 | Updated: 2014-03-05
Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a security issue."
Max CVSS: 5.0 | EPSS Score: 0.40% | Published: 2012-02-07 | Updated: 2017-08-29
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
Max CVSS: 5.0 | EPSS Score: 0.22% | Published: 2011-12-07 | Updated: 2012-03-06
Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.
Max CVSS: 5.0 | EPSS Score: 0.28% | Published: 2011-12-07 | Updated: 2012-03-06
Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
Max CVSS: 5.0 | EPSS Score: 0.28% | Published: 2011-12-07 | Updated: 2012-03-06
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
Max CVSS: 5.0 | EPSS Score: 0.29% | Published: 2011-12-07 | Updated: 2012-03-06
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.
Max CVSS: 5.0 | EPSS Score: 0.15% | Published: 2011-12-07 | Updated: 2012-03-06
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
Max CVSS: 5.0 | EPSS Score: 0.80% | Published: 2011-07-01 | Updated: 2011-07-05
Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.
Max CVSS: 5.0 | EPSS Score: 0.92% | Published: 2011-07-01 | Updated: 2017-08-29
107 vulnerabilities found