Opera Opera_browser
154 CVEs affecting Opera Opera_browser. Latest disclosed: 2017-04-21. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-8960 | High | 8.1 | 2016-09-21 | The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not di… |
CVE-2016-4075 | Medium | 6.1 | 2017-04-21 | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. |
CVE-2016-6908 | Medium | 6.1 | 2017-01-26 | Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of… |
CVE-2016-7153 | Medium | 5.3 | 2016-09-06 | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote att… |
CVE-2015-4000 | Low | 3.7 | 2015-05-21 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which… |
CVE-2014-1870 | | 2014-02-06 | Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | |
CVE-2014-0815 | | 2014-02-06 | The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by readin… | |
CVE-2013-4705 | | 2013-09-13 | Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. | |
CVE-2013-3211 | | 2013-04-19 | Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue." | |
CVE-2013-3210 | | 2013-04-19 | Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging… | |
CVE-2013-1618 | | 2013-02-08 | The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed… | |
CVE-2013-1639 | | 2013-02-08 | Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a craft… | |
CVE-2013-1638 | | 2013-02-08 | Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. | |
CVE-2013-1637 | | 2013-02-08 | Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. | |
CVE-2013-1489 | | 2013-01-31 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet E… | |
CVE-2012-6472 | | 2013-01-02 | Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache fil… | |
CVE-2012-6471 | | 2013-01-02 | Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | |
CVE-2012-6470 | | 2013-01-02 | Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memo… | |
CVE-2012-6469 | | 2013-01-02 | Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. | |
CVE-2012-6468 | | 2013-01-02 | Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long… |