Vulnerabilities > Opera > Opera Browser > 10.53

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2018-18913 Untrusted Search Path vulnerability in Opera Browser
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target.
6.9
2014-02-06 CVE-2014-1870 Unspecified vulnerability in Opera Browser
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.
network
opera apple
4.3
2014-02-06 CVE-2014-0815 Information Exposure vulnerability in Opera Browser
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.
network
opera google CWE-200
4.3
2013-09-13 CVE-2013-4705 Cross-Site Scripting vulnerability in Opera Browser
Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.
network
opera CWE-79
4.3
2013-04-19 CVE-2013-3211 Unspecified vulnerability in Opera Browser
Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
network
low complexity
opera
critical
10.0
2013-04-19 CVE-2013-3210 Information Exposure vulnerability in Opera Browser
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
network
low complexity
opera CWE-200
5.0
2013-02-08 CVE-2013-1618 Cryptographic Issues vulnerability in Opera Browser
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
network
high complexity
opera CWE-310
4.0
2013-02-08 CVE-2013-1639 Cross-Site Request Forgery (CSRF) vulnerability in Opera Browser
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
network
opera CWE-352
6.8
2013-02-08 CVE-2013-1638 Code Injection vulnerability in Opera Browser
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
network
opera CWE-94
critical
9.3
2013-02-08 CVE-2013-1637 Code Injection vulnerability in Opera Browser
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
network
opera CWE-94
critical
9.3