Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opera_browser
(Opera)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 282 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-05-06 | CVE-2010-1728 | Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. | Opera_browser | N/A | ||
| 2010-04-12 | CVE-2010-1349 | Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. | Opera_browser | N/A | ||
| 2010-04-08 | CVE-2010-1310 | Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. | Opera_browser | N/A | ||
| 2010-02-18 | CVE-2010-0653 | Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | Opera_browser | N/A | ||
| 2009-11-24 | CVE-2009-4072 | Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." | Opera_browser | N/A | ||
| 2009-11-24 | CVE-2009-4071 | Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | Opera_browser | N/A | ||
| 2009-09-18 | CVE-2009-3269 | Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. | Opera_browser | N/A | ||
| 2009-09-18 | CVE-2009-3266 | Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." | Opera_browser | N/A | ||
| 2009-09-18 | CVE-2009-3265 | Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. | Opera_browser | N/A | ||
| 2009-09-02 | CVE-2009-3049 | Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | Opera_browser | N/A |