| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. |
| Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string. |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. |
| Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site. |
| Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue." |
| Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page. |
| Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site. |
| Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests." |
| Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document. |
| Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo. |
| The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508. |
| The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. |
| Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. |
| The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. |
| The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. |
| Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. |
| Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. |
| Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. |
| Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. |
| Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. |
