Opera: >> Opera Browser Security Vulnerabilities
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
CVSS Score
5.0
EPSS Score
0.002
Published
2013-04-19
Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
CVSS Score
10.0
EPSS Score
0.004
Published
2013-04-19
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVSS Score
4.0
EPSS Score
0.005
Published
2013-02-08
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
CVSS Score
9.3
EPSS Score
0.058
Published
2013-02-08
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
CVSS Score
9.3
EPSS Score
0.301
Published
2013-02-08
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
CVSS Score
6.8
EPSS Score
0.001
Published
2013-02-08
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
CVSS Score
10.0
EPSS Score
0.258
Published
2013-01-31
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
CVSS Score
5.0
EPSS Score
0.003
Published
2013-01-02
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
CVSS Score
9.3
EPSS Score
0.364
Published
2013-01-02
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
CVSS Score
5.0
EPSS Score
0.002
Published
2013-01-02