Opera

Opera Browser

282 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2018-18913

  • EPSS 0.05%
  • Published 21.03.2019 22:29:00
  • Last modified 21.11.2024 03:56:51

Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take...

4.3

CVE-2018-6608

  • EPSS 0.51%
  • Published 28.03.2018 21:29:00
  • Last modified 21.11.2024 04:10:59

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

6.1

CVE-2016-4075

Exploit
  • EPSS 0.3%
  • Published 21.04.2017 02:59:00
  • Last modified 20.04.2025 01:37:25

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.

6.1

CVE-2016-6908

  • EPSS 0.18%
  • Published 26.01.2017 15:59:00
  • Last modified 20.04.2025 01:37:25

Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered com...

5.3

CVE-2016-7153

  • EPSS 2.28%
  • Published 06.09.2016 10:59:01
  • Last modified 12.04.2025 10:46:40

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-pa...

4.3

CVE-2015-4000

  • EPSS 94.03%
  • Published 21.05.2015 00:59:00
  • Last modified 12.04.2025 10:46:40

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie...

4.3

CVE-2014-1870

  • EPSS 0.24%
  • Published 06.02.2014 23:55:04
  • Last modified 11.04.2025 00:51:21

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.

4.3

CVE-2014-0815

  • EPSS 0.38%
  • Published 06.02.2014 22:55:03
  • Last modified 11.04.2025 00:51:21

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

4.3

CVE-2013-4705

  • EPSS 0.25%
  • Published 13.09.2013 14:10:07
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

5

CVE-2013-3210

  • EPSS 0.23%
  • Published 19.04.2013 11:44:29
  • Last modified 11.04.2025 00:51:21

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.