Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opera_browser
(Opera)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 282 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-05-21 | CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | Iphone_os, Mac_os_x, Safari, Ubuntu_linux, Debian_linux, Chrome, Hp\-Ux, Content_manager, Internet_explorer, Firefox, Firefox_esr, Firefox_os, Network_security_services, Seamonkey, Thunderbird, Openssl, Opera_browser, Jdk, Jre, Jrockit, Sparc\-Opl_service_processor, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 3.7 | ||
| 2017-04-21 | CVE-2016-4075 | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | Opera_browser, Opera_mini | 6.1 | ||
| 2003-11-17 | CVE-2003-0870 | Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name. | Opera_browser | N/A | ||
| 2003-12-31 | CVE-2003-1397 | The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method. | Opera_browser | N/A | ||
| 2003-12-31 | CVE-2003-1396 | Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. | Opera_browser | N/A | ||
| 2003-12-31 | CVE-2003-1388 | Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension. | Opera_browser | N/A | ||
| 2003-12-31 | CVE-2003-1387 | Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username. | Opera_browser | N/A | ||
| 2004-04-15 | CVE-2003-0593 | Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | Opera_browser | N/A | ||
| 2007-10-08 | CVE-2007-5276 | Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80. | Opera_browser | N/A | ||
| 2008-06-16 | CVE-2008-2716 | Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. | Opera_browser | N/A |