Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opera Subscribe
Filtered by product Opera
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6159 1 Opera 1 Opera 2020-12-23 4.3 MEDIUM 6.1 MEDIUM
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
CVE-2019-12278 1 Opera 1 Opera 2020-08-24 4.3 MEDIUM 4.3 MEDIUM
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.
CVE-2019-19788 1 Opera 1 Opera 2020-01-07 2.1 LOW 5.5 MEDIUM
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.
CVE-2008-5679 1 Opera 1 Opera 2018-10-11 9.3 HIGH N/A
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
CVE-2008-5428 2 Microsoft, Opera 2 Windows Xp, Opera 2018-10-11 4.3 MEDIUM N/A
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
CVE-2008-4696 1 Opera 1 Opera 2018-10-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
CVE-2008-5178 2 Microsoft, Opera 2 Windows, Opera 2017-10-18 9.3 HIGH N/A
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
CVE-2009-2068 1 Opera 1 Opera 2017-08-16 5.8 MEDIUM N/A
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2008-4795 1 Opera 1 Opera 2017-08-07 4.3 MEDIUM N/A
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
CVE-2008-4293 2 Microsoft, Opera 2 Windows, Opera 2017-08-07 10.0 HIGH N/A
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.
CVE-2008-4695 1 Opera 1 Opera 2017-08-07 9.3 HIGH N/A
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.
CVE-2008-4794 1 Opera 1 Opera 2017-08-07 9.3 HIGH N/A
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
CVE-2008-3079 2 Microsoft, Opera 2 Windows, Opera 2017-08-07 10.0 HIGH N/A
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
CVE-2008-3172 1 Opera 1 Opera 2017-08-07 6.8 MEDIUM N/A
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
CVE-2008-1761 1 Opera 1 Opera 2017-08-07 9.3 HIGH N/A
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
CVE-2008-1764 1 Opera 1 Opera 2017-08-07 9.3 HIGH N/A
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
CVE-2016-7152 5 Apple, Google, Microsoft and 2 more 6 Safari, Chrome, Edge and 3 more 2017-02-18 5.0 MEDIUM 5.3 MEDIUM
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
CVE-2010-5227 1 Opera 1 Opera 2012-09-07 6.9 MEDIUM N/A
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.
CVE-2003-1561 1 Opera 1 Opera 2009-01-28 4.3 MEDIUM N/A
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.