rpm package
opensuse/mariadb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweed
Vulnerabilities (125)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-4858 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. | ||
| CVE-2015-4836 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | ||
| CVE-2015-4830 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. | ||
| CVE-2015-4826 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. | ||
| CVE-2015-4815 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. | ||
| CVE-2015-4807 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. | ||
| CVE-2015-4802 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | ||
| CVE-2015-4792 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. | ||
| CVE-2012-5627 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Oct 1, 2013 | Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force passwor | ||
| CVE-2013-1976 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Jul 9, 2013 | The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) to | ||
| CVE-2012-4414 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Jan 22, 2013 | Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vec | ||
| CVE-2012-5615 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Dec 3, 2012 | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid u | ||
| CVE-2012-5612 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Dec 3, 2012 | Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated | ||
| CVE-2012-5611 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Dec 3, 2012 | Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenti | ||
| CVE-2009-4030 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Nov 30, 2009 | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables | ||
| CVE-2009-4028 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Nov 30, 2009 | The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a | ||
| CVE-2009-4019 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Nov 30, 2009 | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, whic | ||
| CVE-2008-7247 | — | < 10.0.22-3.8 | 10.0.22-3.8 | Nov 30, 2009 | sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) | ||
| CVE-2008-2079 | — | < 10.6.4-2.1 | 10.6.4-2.1 | May 5, 2008 | MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL | ||
| CVE-2007-6304 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Dec 10, 2007 | The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the mi |
- CVE-2015-4858Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
- CVE-2015-4836Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
- CVE-2015-4830Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
- CVE-2015-4826Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
- CVE-2015-4815Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
- CVE-2015-4807Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
- CVE-2015-4802Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
- CVE-2015-4792Oct 21, 2015affected < 10.0.22-3.8fixed 10.0.22-3.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
- CVE-2012-5627Oct 1, 2013affected < 10.0.22-3.8fixed 10.0.22-3.8
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force passwor
- CVE-2013-1976Jul 9, 2013affected < 10.0.22-3.8fixed 10.0.22-3.8
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) to
- CVE-2012-4414Jan 22, 2013affected < 10.0.22-3.8fixed 10.0.22-3.8
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vec
- CVE-2012-5615Dec 3, 2012affected < 10.0.22-3.8fixed 10.0.22-3.8
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid u
- CVE-2012-5612Dec 3, 2012affected < 10.0.22-3.8fixed 10.0.22-3.8
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated
- CVE-2012-5611Dec 3, 2012affected < 10.0.22-3.8fixed 10.0.22-3.8
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenti
- CVE-2009-4030Nov 30, 2009affected < 10.0.22-3.8fixed 10.0.22-3.8
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables
- CVE-2009-4028Nov 30, 2009affected < 10.0.22-3.8fixed 10.0.22-3.8
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a
- CVE-2009-4019Nov 30, 2009affected < 10.0.22-3.8fixed 10.0.22-3.8
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, whic
- CVE-2008-7247Nov 30, 2009affected < 10.0.22-3.8fixed 10.0.22-3.8
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1)
- CVE-2008-2079May 5, 2008affected < 10.6.4-2.1fixed 10.6.4-2.1
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL
- CVE-2007-6304Dec 10, 2007affected < 10.6.4-2.1fixed 10.6.4-2.1
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the mi
Page 6 of 7