Vulnerabilities
Vulnerable Software
Opera:  >> Opera Browser  >> 11.11  Security Vulnerabilities
Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-07-01
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.
CVSS Score
4.3
EPSS Score
0.02
Published
2011-07-01
Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
CVSS Score
4.3
EPSS Score
0.005
Published
2010-02-18
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVSS Score
9.3
EPSS Score
0.002
Published
2009-05-11
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
CVSS Score
2.6
EPSS Score
0.048
Published
2007-10-08


Contact Us

Shodan ® - All rights reserved