Filtered by vendor Opera
Subscribe
Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2023-02-09 | 4.3 MEDIUM | 3.7 LOW |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
CVE-2015-8960 | 7 Apple, Google, Ietf and 4 more | 18 Safari, Chrome, Transport Layer Security and 15 more | 2023-01-30 | 6.8 MEDIUM | 8.1 HIGH |
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. | |||||
CVE-2018-16135 | 1 Opera | 1 Opera Mini | 2023-01-05 | N/A | 6.5 MEDIUM |
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site. | |||||
CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2022-11-29 | 4.3 MEDIUM | N/A |
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | |||||
CVE-2016-4075 | 1 Opera | 2 Opera Browser, Opera Mini | 2022-04-06 | 5.8 MEDIUM | 6.1 MEDIUM |
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | |||||
CVE-2003-1397 | 1 Opera | 1 Opera Browser | 2022-03-01 | 4.3 MEDIUM | N/A |
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method. | |||||
CVE-2003-1396 | 1 Opera | 1 Opera Browser | 2022-03-01 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. | |||||
CVE-2003-1388 | 1 Opera | 1 Opera Browser | 2022-03-01 | 9.3 HIGH | N/A |
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension. | |||||
CVE-2003-1387 | 1 Opera | 1 Opera Browser | 2022-03-01 | 7.5 HIGH | N/A |
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username. | |||||
CVE-2003-0593 | 1 Opera | 1 Opera Browser | 2022-03-01 | 7.5 HIGH | N/A |
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
CVE-2003-0870 | 1 Opera | 1 Opera Browser | 2022-03-01 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name. | |||||
CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2022-03-01 | 5.8 MEDIUM | N/A |
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | |||||
CVE-2009-3831 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2022-03-01 | 9.3 HIGH | N/A |
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | |||||
CVE-2009-0915 | 1 Opera | 1 Opera Browser | 2022-03-01 | 6.8 MEDIUM | N/A |
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. | |||||
CVE-2008-2716 | 1 Opera | 1 Opera Browser | 2022-03-01 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. | |||||
CVE-2007-5276 | 1 Opera | 1 Opera Browser | 2022-03-01 | 4.3 MEDIUM | N/A |
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80. | |||||
CVE-2005-0457 | 1 Opera | 1 Opera Browser | 2022-02-28 | 7.2 HIGH | N/A |
Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. | |||||
CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2022-02-28 | 7.5 HIGH | N/A |
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | |||||
CVE-2004-2659 | 2 Mozilla, Opera | 2 Mozilla, Opera Browser | 2022-02-28 | 4.0 MEDIUM | N/A |
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. | |||||
CVE-2004-1157 | 1 Opera | 1 Opera Browser | 2022-02-28 | 7.5 HIGH | N/A |
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. |