Opera » Opera Browser » 5.10 : Security Vulnerabilities, CVEs, (Code Execution)
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
Max CVSS
9.3
EPSS Score
91.42%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
Max CVSS
9.3
EPSS Score
5.46%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
Max CVSS
9.3
EPSS Score
7.12%
Published
2013-01-02
Updated
2013-01-02
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
Max CVSS
9.3
EPSS Score
3.41%
Published
2013-01-02
Updated
2015-10-08
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
Max CVSS
9.3
EPSS Score
1.03%
Published
2013-01-02
Updated
2013-01-02
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
Max CVSS
10.0
EPSS Score
10.03%
Published
2012-06-14
Updated
2012-08-14
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
Max CVSS
9.3
EPSS Score
0.48%
Published
2012-06-14
Updated
2012-06-15
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
Max CVSS
7.6
EPSS Score
0.49%
Published
2012-06-14
Updated
2012-06-20
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
Max CVSS
10.0
EPSS Score
31.57%
Published
2011-07-01
Updated
2012-02-14
The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value.
Max CVSS
4.3
EPSS Score
3.87%
Published
2011-05-10
Updated
2018-10-09
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
Max CVSS
9.3
EPSS Score
4.86%
Published
2011-01-31
Updated
2018-08-13
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.
Max CVSS
7.6
EPSS Score
4.89%
Published
2011-01-31
Updated
2017-09-19
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
Max CVSS
9.3
EPSS Score
2.42%
Published
2010-10-21
Updated
2017-09-19
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
Max CVSS
9.3
EPSS Score
8.22%
Published
2010-08-16
Updated
2017-09-19
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
Max CVSS
9.3
EPSS Score
9.96%
Published
2010-07-08
Updated
2018-10-30
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
Max CVSS
9.3
EPSS Score
2.29%
Published
2010-07-08
Updated
2021-09-08
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
Max CVSS
6.8
EPSS Score
11.48%
Published
2010-08-16
Updated
2018-10-10
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
Max CVSS
9.3
EPSS Score
17.02%
Published
2010-05-06
Updated
2018-10-30
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
Max CVSS
9.3
EPSS Score
3.86%
Published
2009-10-30
Updated
2022-03-01
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
Max CVSS
9.3
EPSS Score
4.02%
Published
2009-03-16
Updated
2017-09-29
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
Max CVSS
9.3
EPSS Score
10.43%
Published
2008-12-19
Updated
2018-10-11
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
Max CVSS
9.3
EPSS Score
28.99%
Published
2008-10-23
Updated
2017-08-08
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
Max CVSS
9.3
EPSS Score
8.25%
Published
2008-09-27
Updated
2024-02-15
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
9.20%
Published
2008-04-12
Updated
2017-08-08
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
Max CVSS
10.0
EPSS Score
14.54%
Published
2007-12-24
Updated
2017-08-08