CVE-2012-3560
Published 2012-06-14
Priority P418 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.00% (78.3th percentile)
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
Affected
82 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | <= 11.64 | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-2749 [MEDIUM] mysql: crash caused by wrong calculation of key length for sort order index
bugzilla · 2012-06-20 · CVSS 4.0
MySQL versions 5.1.63 and 5.5.24 fix the following bug noted in the 5.1.63 release notes:
* Security Fix: Bug #59387 was fixed.
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
This bug is also fixed in 5.5.24, but not mentioned in the release notes or changelog.
Related upstream change is:
http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.16
Bug#11766300 59387: FAILING ASSERTION: CURSOR->POS_STATE == 1997660512 (BTR_PCUR_IS_POSITIONE
Bug#13639204 64111: CRASH ON SELECT SUBQUERY WITH NON UNIQUE INDEX
This issue allows a non-admin database user with full SQL access to crash mysqld. The upstream commit explains the issue details:
The crash happened due to wrong calculation of key
Bugzilla
CVE-2012-2102 [LOW] mysql: Server crash on HANDLER READ NEXT after DELETE
bugzilla · 2012-04-13 · CVSS 3.5
A denial of service flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated MySQL user could use this flaw to cause mysqld daemon abort (assertion failure).
References:
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html
https://bugs.gentoo.org/show_bug.cgi?id=411503
http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/
http://www.openwall.com/lists/oss-security/2012/04/13/7
Upstream commit:
http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.8.4
http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15
Discussion:
Created mysql trac
http://blog.vulnhunt.com/index.php/2012/06/14/cal-2012-0015-opera-website-spoof/
http://www.opera.com/docs/changelogs/mac/1165/
http://www.opera.com/docs/changelogs/mac/1200/
http://www.opera.com/docs/changelogs/unix/1200/
http://www.opera.com/docs/changelogs/windows/1200/
http://www.opera.com/support/kb/view/1022/
Published: 2012-06-14