ReportizFlow
Filtered by vendor Opera
Subscriptions
Total
312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | ||||
| CVE-2008-7245 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | ||||
| CVE-2007-1377 | 4 Adobe, Mozilla, Netscape and 1 more | 4 Acrobat Reader, Firefox, Navigator and 1 more | 2026-04-23 | N/A |
| AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | ||||
| CVE-2007-2022 | 3 Adobe, Opera, Redhat | 3 Flash Player, Opera Browser, Enterprise Linux | 2026-04-23 | N/A |
| Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||||
| CVE-2007-3142 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
| CVE-2007-3929 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | ||||
| CVE-2008-4196 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4199 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." | ||||
| CVE-2008-4794 | 1 Opera | 1 Opera | 2026-04-23 | N/A |
| Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. | ||||
| CVE-2008-4293 | 2 Microsoft, Opera | 2 Windows, Opera | 2026-04-23 | N/A |
| Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. | ||||
| CVE-2007-5276 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80. | ||||
| CVE-2007-5476 | 3 Adobe, Apple, Opera | 3 Flash Player, Mac Os X, Opera Browser | 2026-04-23 | N/A |
| Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. | ||||
| CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | ||||
| CVE-2005-0233 | 5 Mozilla, Omnigroup, Opera and 2 more | 7 Camino, Firefox, Mozilla and 4 more | 2026-04-16 | N/A |
| The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | ||||
| CVE-2006-3353 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties. | ||||
| CVE-2004-2659 | 2 Mozilla, Opera | 2 Mozilla, Opera Browser | 2026-04-16 | N/A |
| Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. | ||||
| CVE-2004-2570 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user. | ||||
| CVE-2004-2491 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. | ||||
| CVE-2004-2083 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing." | ||||
| CVE-2004-1810 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array. | ||||