📦

opera

Vendor: opera

Actively Exploited 0 CISA KEV List

PoC / Exploits 4 Code Available

Total RCEs 6 Remote Access

Total CVEs 21 Total Indexed

Avg. EPSS 7.33% Exploit Prob.

Latest CVE CVE-2020-6159 Dec 23

Security Vulnerability Index

Page 2 / 3

9.3 CVSS

CVE-2008-4794

RCE

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

EPSS: 2.25%

Severity: HIGH

Oct 30, 2008

4.3 CVSS

CVE-2008-4696

Exploit Found

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).

EPSS: 62.12%

Severity: MEDIUM

Oct 23, 2008

9.3 CVSS

CVE-2008-4695

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.

EPSS: 3.20%

Severity: HIGH

Oct 23, 2008

10.0 CVSS

CVE-2008-4293

RCE

Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.

EPSS: 6.35%

Severity: HIGH

Sep 27, 2008

6.8 CVSS

CVE-2008-3172

Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."

EPSS: 0.58%

Severity: MEDIUM

Jul 14, 2008

10.0 CVSS

CVE-2008-3079

RCE

Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.

EPSS: 0.75%

Severity: HIGH

Jul 09, 2008

9.3 CVSS

CVE-2008-1761

RCE

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.

EPSS: 8.61%

Severity: HIGH

Apr 12, 2008

9.3 CVSS

CVE-2008-1764

Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."

EPSS: 0.69%

Severity: HIGH

Apr 12, 2008

4.3 CVSS

CVE-2003-1561

Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

EPSS: 0.25%

Severity: MEDIUM

Dec 31, 2003

Displaying 9 of 21 Total Entries

1 2 3

Total 3 Sections