| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. |
| Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. |
| Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog. |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. |
| Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site. |
| Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update. |
| Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. |
| The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL. |
| Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru. |
| Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document. |
| Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page. |
| Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru. |
| The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn. |
| Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com. |
| Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. |
| Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout. |
| Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors. |
| Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview. |
| Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de. |
| Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. |
