Vulnerabilities > Opera
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-19 | CVE-2013-3210 | Information Exposure vulnerability in Opera Browser Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. | 5.0 |
| 2013-02-08 | CVE-2013-1618 | Cryptographic Issues vulnerability in Opera Browser The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | 4.0 |
| 2013-02-08 | CVE-2013-1639 | Cross-Site Request Forgery (CSRF) vulnerability in Opera Browser Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. | 6.8 |
| 2013-02-08 | CVE-2013-1638 | Code Injection vulnerability in Opera Browser Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. | 9.3 |
| 2013-02-08 | CVE-2013-1637 | Code Injection vulnerability in Opera Browser Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. | 9.3 |
| 2013-01-02 | CVE-2012-6472 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file. | 4.6 |
| 2013-01-02 | CVE-2012-6471 | Unspecified vulnerability in Opera Browser Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | 5.0 |
| 2013-01-02 | CVE-2012-6470 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image. | 9.3 |
| 2013-01-02 | CVE-2012-6469 | Information Exposure vulnerability in Opera Browser Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. | 5.0 |
| 2013-01-02 | CVE-2012-6468 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response. | 9.3 |