Filtered by vendor Opera Subscriptions
Filtered by product Opera Browser Subscriptions
Total 285 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-2661 4 Apple, Microsoft, Opera and 1 more 4 Mac Os X, Windows, Opera Browser and 1 more 2024-11-21 N/A
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.
CVE-2010-2660 4 Apple, Microsoft, Opera and 1 more 4 Mac Os X, Windows, Opera Browser and 1 more 2024-11-21 N/A
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.
CVE-2010-2659 4 Apple, Microsoft, Opera and 1 more 4 Mac Os X, Windows, Opera Browser and 1 more 2024-11-21 N/A
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.
CVE-2010-2658 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.
CVE-2010-2657 3 Apple, Microsoft, Opera 3 Macos, Windows, Opera Browser 2024-11-21 N/A
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
CVE-2010-2576 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
CVE-2010-2455 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.
CVE-2010-2421 1 Opera 1 Opera Browser 2024-11-21 N/A
Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.
CVE-2010-2121 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.
CVE-2010-1993 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
CVE-2010-1989 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181.
CVE-2010-1728 3 Apple, Microsoft, Opera 3 Mac Os X, Windows, Opera Browser 2024-11-21 N/A
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
CVE-2010-1349 2 Microsoft, Opera 2 Windows, Opera Browser 2024-11-21 N/A
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
CVE-2010-1310 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.
CVE-2010-0653 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
CVE-2009-4072 1 Opera 1 Opera Browser 2024-11-21 N/A
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2009-4071 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2009-3832 2 Microsoft, Opera 2 Windows, Opera Browser 2024-11-21 N/A
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
CVE-2009-3831 2 Microsoft, Opera 2 Windows, Opera Browser 2024-11-21 N/A
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
CVE-2009-3269 1 Opera 1 Opera Browser 2024-11-21 N/A
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.