|
|
Opera Software : Security Vulnerabilities (CVSS score >= 9)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complex
ity
|
Authen
tication
|
Confiden
tiality
|
Integrity
|
Availa
bility
|
|
1 |
CVE-2009-3831 |
94 |
|
DoS Exec Code Mem. Corr. |
2009-10-30 |
2010-08-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. |
|
2 |
CVE-2009-0916 |
|
|
|
2009-03-16 |
2009-04-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." |
|
3 |
CVE-2009-0914 |
399 |
|
Exec Code Mem. Corr. |
2009-03-16 |
2010-08-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. |
|
4 |
CVE-2007-6521 |
310 |
|
Exec Code |
2007-12-24 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. |
|
5 |
CVE-2007-5541 |
20 |
|
Exec Code |
2007-10-17 |
2008-11-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors. |
|
6 |
CVE-2007-5476 |
|
|
|
2007-10-17 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. |
|
7 |
CVE-2007-4367 |
|
|
Exec Code |
2007-08-15 |
2008-09-05 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." |
|
8 |
CVE-2007-3929 |
119 |
|
Exec Code Overflow |
2007-07-20 |
2008-09-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. |
|
9 |
CVE-2007-2809 |
|
|
Exec Code Overflow |
2007-05-22 |
2008-09-05 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. |
|
10 |
CVE-2007-0127 |
94 |
|
Exec Code |
2007-01-08 |
2008-11-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. |
|
11 |
CVE-2007-0126 |
119 |
|
Exec Code Overflow |
2007-01-08 |
2008-11-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. |
|
12 |
CVE-2005-3059 |
|
|
|
2005-09-26 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding." |
|
13 |
CVE-2003-1388 |
119 |
|
Overflow |
2003-12-31 |
2008-09-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension. |
Total number of vulnerabilities : 13
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
