This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opera First view 2005-09-21
Product Opera Browser Last view 2019-03-21
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:opera:opera_browser

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2019-03-21 CVE-2018-18913

Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.

5.3 2016-09-06 CVE-2016-7153

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

3.7 2015-05-20 CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

4.3 2015-03-31 CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

4.3 2014-02-06 CVE-2014-1870

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.

4.3 2014-02-06 CVE-2014-0815

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

4.3 2013-09-13 CVE-2013-4705

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

10 2013-04-19 CVE-2013-3211

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."

5 2013-04-19 CVE-2013-3210

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

5.9 2013-03-15 CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

6.8 2013-02-08 CVE-2013-1639

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

9.3 2013-02-08 CVE-2013-1638

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

9.3 2013-02-08 CVE-2013-1637

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.

4 2013-02-08 CVE-2013-1618

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

4.6 2013-01-02 CVE-2012-6472

Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.

5 2013-01-02 CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

9.3 2013-01-02 CVE-2012-6470

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

5 2013-01-02 CVE-2012-6469

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.

9.3 2013-01-02 CVE-2012-6468

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.

4.3 2013-01-02 CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.

5 2013-01-02 CVE-2012-6466

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.

9.3 2013-01-02 CVE-2012-6465

Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.

4.3 2013-01-02 CVE-2012-6464

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.

4.3 2013-01-02 CVE-2012-6463

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.

5 2013-01-02 CVE-2012-6462

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.

CWE : Common Weakness Enumeration

%idName
17% (25) CWE-20 Improper Input Validation
16% (23) CWE-264 Permissions, Privileges, and Access Controls
15% (21) CWE-399 Resource Management Errors
11% (16) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
10% (15) CWE-200 Information Exposure
7% (10) CWE-310 Cryptographic Issues
6% (9) CWE-94 Failure to Control Generation of Code ('Code Injection')
5% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (4) CWE-287 Improper Authentication
1% (2) CWE-189 Numeric Errors
1% (2) CWE-16 Configuration
0% (1) CWE-426 Untrusted Search Path
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-255 Credentials Management
0% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 XML Parser Attack
CAPEC-119 Resource Depletion
CAPEC-121 Locate and Exploit Test APIs
CAPEC-125 Resource Depletion through Flooding
CAPEC-130 Resource Depletion through Allocation
CAPEC-147 XML Ping of Death
CAPEC-172 Time and State Attacks
CAPEC-197 XEE (XML Entity Expansion)
CAPEC-227 Denial of Service through Resource Depletion
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229 XML Attribute Blowup

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77617 Opera Unspecified Resource Consumption Remote DoS
77616 Opera Web Workers Unspecified Remote DoS
77615 Opera Dragonfly Unspecified Remote DoS
77614 Opera Certificate Revocation Corner Cases Unspecified Remote Issue
77552 Opera Same Origin Policy Bypass in Operator Variable Enumeration
77551 Opera Top Level Domain Restriction Cookie Handling Information Disclosure
77550 Opera Unspecified Remote Issue
77540 Opera Cache Objects IFRAME Handling Browsing History Disclosure
74828 Opera Web Content Security Display Weakness
74176 Opera VEGAOpBitmap::AddLine Function SELECT Element Invalid Memory Write DoS
73857 Opera Embedded Java Applet Empty Parameter Value DoS
73856 Opera Hidden Animated GIF Continual Repaint CPU Consumption DoS
73855 Opera Unspecified Application Crash Remote DoS (2011-2638)
73854 Opera Unspecified Application Crash Remote DoS (2011-2637)
73853 Opera Unspecified Application Crash Remote DoS (2011-2636)
73852 Opera CSS Floated Element :hover Pseudo-class DoS
73851 Opera Search / Customization Hijacking Weakness
73850 Opera Certificate Revocation List (CRL) File Unspecified Remote DoS
73849 Opera Silverlight Instance Destruction Handling Remote DoS
73848 Opera CSS Column-count Property Infinite Repaint Loop Remote DoS
73847 Opera Easy Sticky Note Extension Pop-up Reload DoS
73846 Opera Unspecified Application Crash Remote DoS (2011-2629)
73845 Opera DOM Implementation Application Crash DoS
73844 Opera IFRAME Element SRC Attribute Script Injection DoS
73843 Opera SELECT Element Multiple OPTION Element DoS

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for opera openSUSE-SU-2012:0610-1 (opera)
File : nvt/gb_suse_2012_0610_1.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-11 (opera)
File : nvt/glsa_201209_11.nasl
2012-09-03 Name : Opera Address Bar Spoofing Vulnerability (Windows)
File : nvt/gb_opera_address_bar_spoofing_vuln_win.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-03 (Opera)
File : nvt/glsa_201206_03.nasl
2012-08-08 Name : Opera Multiple Vulnerabilities - August12 (Linux)
File : nvt/gb_opera_mult_vuln_aug12_lin.nasl
2012-08-08 Name : Opera Multiple Vulnerabilities - August12 (Mac OS X)
File : nvt/gb_opera_mult_vuln_aug12_macosx.nasl
2012-08-08 Name : Opera Multiple Vulnerabilities - August12 (Windows)
File : nvt/gb_opera_mult_vuln_aug12_win.nasl
2012-08-08 Name : Opera Multiple Vulnerabilities - August12 (Mac OS X)
File : nvt/gb_opera_show_page_dos_vuln_macosx.nasl
2012-06-22 Name : Opera Unspecified Vulnerability - June12 (Mac OS X)
File : nvt/gb_opera_unspecified_vuln_macosx.nasl
2012-06-21 Name : Opera Multiple Denial of Service Vulnerabilities - June12 (Linux)
File : nvt/gb_opera_mult_dos_vuln_june12_lin.nasl
2012-06-21 Name : Opera Multiple Denial of Service Vulnerabilities - June12 (Mac OS X)
File : nvt/gb_opera_mult_dos_vuln_june12_macosx.nasl
2012-06-21 Name : Opera Multiple Denial of Service Vulnerabilities - June12 (Windows)
File : nvt/gb_opera_mult_dos_vuln_june12_win.nasl
2012-06-21 Name : Opera Multiple Vulnerabilities - June12 (Linux)
File : nvt/gb_opera_mult_vuln_june12_lin.nasl
2012-06-21 Name : Opera Multiple Vulnerabilities - June12 (Mac OS X)
File : nvt/gb_opera_mult_vuln_june12_macosx.nasl
2012-06-21 Name : Opera Multiple Vulnerabilities - June12 (Windows)
File : nvt/gb_opera_mult_vuln_june12_win.nasl
2012-06-21 Name : Opera URL Processing Arbitrary Code Execution Vulnerability (Linux)
File : nvt/gb_opera_url_code_exec_vuln_lin.nasl
2012-06-21 Name : Opera URL Processing Arbitrary Code Execution Vulnerability (Mac OS X)
File : nvt/gb_opera_url_code_exec_vuln_macosx.nasl
2012-06-21 Name : Opera URL Processing Arbitrary Code Execution Vulnerability (Windows)
File : nvt/gb_opera_url_code_exec_vuln_win.nasl
2012-06-12 Name : Opera 'X.509' Certificates Spoofing Vulnerability (Linux)
File : nvt/gb_opera_x509_cert_spoofing_vuln_lin.nasl
2012-06-12 Name : Opera 'X.509' Certificates Spoofing Vulnerability (Mac OS X)
File : nvt/gb_opera_x509_cert_spoofing_vuln_macosx.nasl
2012-06-12 Name : Opera 'X.509' Certificates Spoofing Vulnerability (Windows)
File : nvt/gb_opera_x509_cert_spoofing_vuln_win.nasl
2012-04-19 Name : Opera Browser Multiple Vulnerabilities-01 July-11 (Mac OS X)
File : nvt/gb_opera_mult_vuln1_macosx_july11.nasl
2012-04-19 Name : Opera Browser Multiple Vulnerabilities-02 July-11 (Mac OS X)
File : nvt/gb_opera_mult_vuln2_macosx_july11.nasl
2012-04-19 Name : Opera Browser Multiple Vulnerabilities July-11 (Mac OS X)
File : nvt/gb_opera_mult_vuln_macosx_july11.nasl
2012-04-19 Name : Opera Browser Multiple Vulnerabilities October-10 (Mac OS X)
File : nvt/gb_opera_mult_vuln_oct10_macosx.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2013-A-0220 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042380

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-03-12 Opera GIF parsing buffer overflow attempt
RuleID : 49115 - Type : BROWSER-OTHER - Revision : 1
2019-03-12 Opera GIF parsing buffer underflow attempt
RuleID : 49114 - Type : BROWSER-OTHER - Revision : 2
2019-03-12 Opera GIF parsing buffer overflow attempt
RuleID : 49113 - Type : BROWSER-OTHER - Revision : 1
2019-03-12 Opera GIF parsing buffer underflow attempt
RuleID : 49112 - Type : BROWSER-OTHER - Revision : 2
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2017-04-06 SSLv3 Client Hello attempt
RuleID : 41807 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37916 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37915 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37914 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37913 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37912 - Type : POLICY-OTHER - Revision : 3
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37026 - Type : POLICY-OTHER - Revision : 4
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37025 - Type : POLICY-OTHER - Revision : 4
2015-05-21 Opera SVG use after free memory corruption attempt
RuleID : 34171 - Type : BROWSER-OTHER - Revision : 4
2015-05-21 Opera SVG use after free memory corruption attempt
RuleID : 34170 - Type : BROWSER-OTHER - Revision : 3
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33806 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33805 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33804 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33803 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33802 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33801 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33800 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33799 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33798 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33797 - Type : SERVER-OTHER - Revision : 6

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-04 Name: The remote host is missing a vendor-supplied security patch.
File: check_point_gaia_sk106499.nasl - Type: ACT_GATHER_INFO
2017-01-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-46.nasl - Type: ACT_GATHER_INFO
2016-10-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3688.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2385-1.nasl - Type: ACT_GATHER_INFO
2016-09-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1064.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2209-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1618-1.nasl - Type: ACT_GATHER_INFO
2016-07-25 Name: The remote web server is affected by multiple vulnerabilities.
File: oracle_http_server_cpu_jul_2016.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: A video conferencing application running on the remote host is affected by mu...
File: cisco_telepresence_vcs_multiple_880.nasl - Type: ACT_GATHER_INFO
2016-06-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10727.nasl - Type: ACT_GATHER_INFO
2016-06-16 Name: The remote host is affected by a security feature bypass vulnerability.
File: ibm_storwize_cve_2015_2808.nasl - Type: ACT_GATHER_INFO
2016-06-08 Name: The remote Debian host is missing a security update.
File: debian_DLA-507.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote device is affected by multiple vulnerabilities.
File: cisco_ace_A5_3_3.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201605-06.nasl - Type: ACT_GATHER_INFO
2016-05-13 Name: A web application running on the remote host is affected by multiple vulnerab...
File: solarwinds_srm_profiler_6_2_3.nasl - Type: ACT_GATHER_INFO
2016-04-29 Name: The remote host is affected by multiple vulnerabilities.
File: hp_data_protector_hpsbgn03580.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_5_4.nasl - Type: ACT_GATHER_INFO
2016-03-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201603-11.nasl - Type: ACT_GATHER_INFO
2016-03-10 Name: The remote AIX host has a version of OpenSSL installed that is affected by mu...
File: aix_openssl_advisory17.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U867669.nasl - Type: ACT_GATHER_INFO
2016-02-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-218.nasl - Type: ACT_GATHER_INFO
2016-02-17 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-215.nasl - Type: ACT_GATHER_INFO
2016-02-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-102.nasl - Type: ACT_GATHER_INFO
2016-02-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-104.nasl - Type: ACT_GATHER_INFO
2016-02-02 Name: The remote service is affected by multiple vulnerabilities.
File: openssl_1_0_1r.nasl - Type: ACT_GATHER_INFO