CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opera : Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-5180 200 +Info 2012-12-26 2013-01-08
4.3
None Remote Medium Not required Partial None None
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
2 CVE-2012-4146 119 DoS Overflow 2012-08-06 2012-08-07
4.3
None Remote Medium Not required None None Partial
Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.
3 CVE-2012-4145 2012-08-06 2012-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."
4 CVE-2012-4144 79 XSS Bypass 2012-08-06 2012-08-07
4.3
None Remote Medium Not required None Partial None
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.
5 CVE-2012-4143 94 2012-08-06 2012-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.
6 CVE-2012-4142 79 XSS 2012-08-06 2012-08-07
4.3
None Remote Medium Not required None Partial None
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
7 CVE-2012-4010 2012-08-30 2012-09-13
5.0
None Remote Low Not required None Partial None
Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.
8 CVE-2012-3568 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
9 CVE-2012-3567 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.
10 CVE-2012-3566 DoS 2012-06-14 2012-08-16
4.3
None Remote Medium Not required None None Partial
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.
11 CVE-2012-3565 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."
12 CVE-2012-3564 DoS Overflow 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.
13 CVE-2012-3563 DoS 2012-06-14 2012-08-16
5.0
None Remote Low Not required None None Partial
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
14 CVE-2012-3562 DoS 2012-06-14 2012-08-16
4.3
None Remote Medium Not required None None Partial
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
15 CVE-2012-3561 119 DoS Exec Code Overflow Mem. Corr. 2012-06-14 2012-08-13
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
16 CVE-2012-3560 264 2012-06-14 2012-06-15
4.3
None Remote Medium Not required None Partial None
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
17 CVE-2012-3559 2012-06-14 2012-08-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
18 CVE-2012-3558 264 2012-06-14 2012-06-15
2.6
None Remote High Not required None Partial None
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.
19 CVE-2012-3557 264 +Info 2012-06-14 2012-06-15
5.0
None Remote Low Not required Partial None None
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
20 CVE-2012-3556 20 Exec Code XSS 2012-06-14 2012-06-15
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
21 CVE-2012-3555 Exec Code XSS 2012-06-14 2012-06-20
7.6
None Remote High Not required Complete Complete Complete
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
22 CVE-2012-1931 264 2012-03-27 2012-10-09
4.6
None Local Low Not required Partial Partial Partial
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing.
23 CVE-2012-1930 264 +Info 2012-03-27 2012-10-09
4.6
None Local Low Not required Partial Partial Partial
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files.
24 CVE-2012-1929 20 2012-03-27 2012-11-06
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.
25 CVE-2012-1928 20 2012-03-27 2012-04-16
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.
26 CVE-2012-1927 20 2012-03-27 2012-04-16
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.
27 CVE-2012-1926 200 Bypass +Info 2012-03-27 2012-04-16
5.0
None Remote Low Not required Partial None None
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
28 CVE-2012-1925 2012-03-27 2012-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.
29 CVE-2012-1924 94 2012-03-27 2012-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.
30 CVE-2012-1251 310 +Info 2012-06-04 2014-03-05
5.8
None Remote Medium Not required Partial Partial None
Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
31 CVE-2012-1003 189 DoS Overflow 2012-02-06 2012-02-13
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a security issue."
32 CVE-2010-5227 1 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 32   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.