Vulnerabilities (CVE)

Filtered by vendor Opera Subscribe
Total 311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5274 3 Mozilla, Opera, Sun 5 Firefox, Opera Browser, Jdk and 2 more 2024-11-21 2.6 LOW N/A
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
CVE-2007-4944 1 Opera 1 Opera Browser 2024-11-21 5.0 MEDIUM N/A
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.
CVE-2007-4367 1 Opera 1 Opera Browser 2024-11-21 9.3 HIGH N/A
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
CVE-2007-3929 1 Opera 1 Opera Browser 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.
CVE-2007-3819 1 Opera 1 Opera Browser 2024-11-21 5.0 MEDIUM N/A
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
CVE-2007-3142 1 Opera 1 Opera Browser 2024-11-21 5.8 MEDIUM N/A
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
CVE-2007-2809 1 Opera 1 Opera Browser 2024-11-21 9.3 HIGH N/A
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.
CVE-2007-2274 1 Opera 1 Opera Browser 2024-11-21 7.8 HIGH N/A
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.
CVE-2007-2022 2 Adobe, Opera 2 Flash Player, Opera Browser 2024-11-21 6.8 MEDIUM N/A
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
CVE-2007-1737 1 Opera 1 Opera Browser 2024-11-21 7.5 HIGH N/A
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
CVE-2007-1563 1 Opera 1 Opera Browser 2024-11-21 6.8 MEDIUM N/A
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1377 4 Adobe, Mozilla, Netscape and 1 more 4 Acrobat Reader, Firefox, Navigator and 1 more 2024-11-21 5.0 MEDIUM N/A
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
CVE-2007-1115 1 Opera 1 Opera Browser 2024-11-21 4.3 MEDIUM N/A
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
CVE-2007-0802 2 Mozilla, Opera 2 Firefox, Opera Browser 2024-11-21 6.4 MEDIUM N/A
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
CVE-2007-0127 1 Opera 1 Opera Browser 2024-11-21 9.3 HIGH N/A
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
CVE-2007-0126 1 Opera 1 Opera Browser 2024-11-21 9.3 HIGH N/A
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.
CVE-2006-6970 1 Opera 1 Opera Browser 2024-11-21 5.0 MEDIUM N/A
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.
CVE-2006-6955 1 Opera 1 Opera Browser 2024-11-21 4.3 MEDIUM N/A
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
CVE-2006-4819 1 Opera 1 Opera Browser 2024-11-21 5.1 MEDIUM N/A
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).
CVE-2006-3945 2 Microsoft, Opera 2 Windows Xp, Opera Browser 2024-11-21 5.0 MEDIUM N/A
The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.