CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opera : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-1638 94 Exec Code 2013-02-08 2013-02-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
2 CVE-2013-1637 94 Exec Code 2013-02-08 2013-02-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
3 CVE-2012-6470 119 DoS Exec Code Overflow 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
4 CVE-2012-6468 119 DoS Exec Code Overflow Mem. Corr. 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
5 CVE-2012-6465 94 DoS Exec Code 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
6 CVE-2012-3561 119 DoS Exec Code Overflow Mem. Corr. 2012-06-14 2012-08-13
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
7 CVE-2012-3556 20 Exec Code XSS 2012-06-14 2012-06-15
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
8 CVE-2012-3555 Exec Code XSS 2012-06-14 2012-06-20
7.6
None Remote High Not required Complete Complete Complete
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
9 CVE-2011-2628 20 DoS Exec Code Mem. Corr. 2011-07-01 2012-02-13
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
10 CVE-2011-1824 20 DoS Exec Code 2011-05-10 2011-09-21
4.3
None Remote Medium Not required None None Partial
The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value.
11 CVE-2011-0682 119 DoS Exec Code Overflow Mem. Corr. 2011-01-31 2011-08-26
9.3
None Remote Medium Not required Complete Complete Complete
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
12 CVE-2011-0450 Exec Code 2011-01-31 2011-07-18
7.6
None Remote High Not required Complete Complete Complete
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.
13 CVE-2010-4045 264 Exec Code XSS 2010-10-21 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
14 CVE-2010-3019 119 DoS Exec Code Overflow 2010-08-16 2012-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
15 CVE-2010-2666 264 Exec Code 2010-07-08 2013-08-03
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
16 CVE-2010-2657 264 Exec Code Bypass 2010-07-08 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
17 CVE-2010-2576 94 Exec Code 2010-08-16 2012-06-07
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
18 CVE-2010-1728 399 DoS Exec Code 2010-05-06 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
19 CVE-2010-1349 189 1 Exec Code Overflow 2010-04-12 2010-04-13
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
20 CVE-2009-3831 94 DoS Exec Code Mem. Corr. 2009-10-30 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
21 CVE-2009-0914 399 Exec Code Mem. Corr. 2009-03-16 2012-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
22 CVE-2008-5680 119 Exec Code Overflow 2008-12-19 2012-06-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
23 CVE-2008-5679 399 Exec Code 2008-12-19 2009-03-20
9.3
Admin Remote Medium Not required Complete Complete Complete
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
24 CVE-2008-5178 119 Exec Code Overflow 2008-11-20 2009-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
25 CVE-2008-4794 20 Exec Code 2008-10-30 2009-08-11
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
26 CVE-2008-4694 59 DoS Exec Code 2008-10-23 2011-02-01
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
27 CVE-2008-4293 DoS Exec Code 2008-09-27 2009-09-01
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.
28 CVE-2008-4197 399 Exec Code 2008-09-27 2009-09-01
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
29 CVE-2008-3079 Exec Code 2008-07-08 2009-05-14
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
30 CVE-2008-1762 399 DoS Exec Code Mem. Corr. 2008-04-12 2011-08-25
9.3
Admin Remote Medium Not required Complete Complete Complete
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
31 CVE-2008-1761 399 DoS Exec Code 2008-04-12 2009-07-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
32 CVE-2007-6521 310 Exec Code 2007-12-24 2012-06-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
33 CVE-2007-5541 20 Exec Code 2007-10-17 2012-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.
34 CVE-2006-4819 119 Exec Code Overflow 2006-10-17 2012-06-08
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).
35 CVE-2006-1834 189 Exec Code 2006-04-19 2012-06-08
5.1
User Remote High Not required Partial Partial Partial
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
Total number of vulnerabilities : 35   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.