CVE-2004-2491

LOW Year: 2004
CVSS v2 Score
2.6
Low
Weakness Type
CWE-362
View all →

Vulnerability Description

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.

Related Vulnerabilities

CVE-2015-8556

CRITICAL
CVSS:10.0(Critical)

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

CWE-3622015

CVE-2017-2898

CRITICAL
CVSS:9.9(Critical)

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be ins...

CWE-3622017

CVE-2020-1660

CRITICAL
CVSS:9.9(Critical)

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management ...

CWE-3622020

CVE-2016-0930

CRITICAL
CVSS:9.8(Critical)

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH a...

CWE-3622016

CVE-2019-2006

CRITICAL
CVSS:9.8(Critical)

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execut...

CWE-3622019

CVE-2021-32810

CRITICAL
CVSS:9.8(Critical)

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more t...

CWE-3622021