Filtered by vendor Opera
Subscriptions
Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-2714 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." | ||||
CVE-2008-2715 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. | ||||
CVE-2008-1764 | 1 Opera | 1 Opera | 2024-08-07 | N/A |
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." | ||||
CVE-2008-1761 | 1 Opera | 1 Opera | 2024-08-07 | N/A |
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. | ||||
CVE-2008-1762 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. | ||||
CVE-2008-1082 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. | ||||
CVE-2008-1081 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. | ||||
CVE-2008-1080 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. | ||||
CVE-2009-4071 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
CVE-2009-4072 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." | ||||
CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2024-08-07 | N/A |
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | ||||
CVE-2009-3831 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2024-08-07 | N/A |
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | ||||
CVE-2009-3266 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." | ||||
CVE-2009-3269 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. | ||||
CVE-2009-3265 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. | ||||
CVE-2009-3045 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. | ||||
CVE-2009-3046 | 1 Opera | 1 Opera Browser | 2024-08-07 | 7.5 High |
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. | ||||
CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | ||||
CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2024-08-07 | N/A |
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | ||||
CVE-2009-3044 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. |