Vulnerabilities > Opera > Opera
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-23 | CVE-2020-6159 | Cross-site Scripting vulnerability in Opera 52.1.2517.139570/54.0.2669.49432 URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. | 4.3 |
| 2020-03-12 | CVE-2019-12278 | Unspecified vulnerability in Opera 52.1.2517.139570 Opera through 53 on Android allows Address Bar Spoofing. network opera | 4.3 |
| 2019-12-18 | CVE-2019-19788 | Unspecified vulnerability in Opera 52.1.2517.139570 Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. | 2.1 |
| 2016-09-06 | CVE-2016-7152 | Information Exposure vulnerability in multiple products The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | 5.0 |
| 2012-09-07 | CVE-2010-5227 | Unspecified vulnerability in Opera Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. local opera | 6.9 |
| 2009-06-15 | CVE-2009-2068 | Improper Authentication vulnerability in Opera Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 5.8 |
| 2008-12-19 | CVE-2008-5679 | Resource Management Errors vulnerability in Opera The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. | 9.3 |
| 2008-12-11 | CVE-2008-5428 | Resource Management Errors vulnerability in Opera 9.51 Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
| 2008-11-20 | CVE-2008-5178 | Buffer Errors vulnerability in Opera 9.62 Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. | 9.3 |
| 2008-10-30 | CVE-2008-4795 | Cross-Site Scripting vulnerability in Opera The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. | 4.3 |