rpm package
suse/libqt4-sql-plugins&distro=SUSE Linux Enterprise Software Development Kit 12
pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
Vulnerabilities (57)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-3216 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Jul 7, 2015 | Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (applicati | ||
| CVE-2015-1792 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Jun 12, 2015 | The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as | ||
| CVE-2015-1791 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Jun 12, 2015 | Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and a | ||
| CVE-2015-1790 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Jun 12, 2015 | The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses A | ||
| CVE-2015-1789 | Hig | 7.5 | < 4.8.6-7.1 | 4.8.6-7.1 | Jun 12, 2015 | The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIM | |
| CVE-2015-1788 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Jun 12, 2015 | The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote att | ||
| CVE-2015-4000 | Low | 3.7 | < 4.8.6-7.1 | 4.8.6-7.1 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D | |
| CVE-2015-1860 | — | < 4.8.6-4.1 | 4.8.6-4.1 | May 12, 2015 | Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. | ||
| CVE-2015-1859 | — | < 4.8.6-4.1 | 4.8.6-4.1 | May 12, 2015 | Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. | ||
| CVE-2015-1858 | — | < 4.8.6-4.1 | 4.8.6-4.1 | May 12, 2015 | Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. | ||
| CVE-2015-0295 | — | < 4.8.6-4.1 | 4.8.6-4.1 | Mar 25, 2015 | The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. | ||
| CVE-2015-0293 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 19, 2015 | The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. | ||
| CVE-2015-0292 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 19, 2015 | Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspec | ||
| CVE-2015-0289 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 19, 2015 | The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by lev | ||
| CVE-2015-0288 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 19, 2015 | The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. | ||
| CVE-2015-0287 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 19, 2015 | The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write opera | ||
| CVE-2015-0286 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 19, 2015 | The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation a | ||
| CVE-2015-0209 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 19, 2015 | Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or | ||
| CVE-2015-0205 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 9, 2015 | The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowled | ||
| CVE-2015-0204 | — | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 9, 2015 | The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncomp |
- CVE-2015-3216Jul 7, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (applicati
- CVE-2015-1792Jun 12, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as
- CVE-2015-1791Jun 12, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and a
- CVE-2015-1790Jun 12, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses A
- affected < 4.8.6-7.1fixed 4.8.6-7.1
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIM
- CVE-2015-1788Jun 12, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote att
- affected < 4.8.6-7.1fixed 4.8.6-7.1
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D
- CVE-2015-1860May 12, 2015affected < 4.8.6-4.1fixed 4.8.6-4.1
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
- CVE-2015-1859May 12, 2015affected < 4.8.6-4.1fixed 4.8.6-4.1
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
- CVE-2015-1858May 12, 2015affected < 4.8.6-4.1fixed 4.8.6-4.1
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
- CVE-2015-0295Mar 25, 2015affected < 4.8.6-4.1fixed 4.8.6-4.1
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
- CVE-2015-0293Mar 19, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
- CVE-2015-0292Mar 19, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspec
- CVE-2015-0289Mar 19, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by lev
- CVE-2015-0288Mar 19, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
- CVE-2015-0287Mar 19, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write opera
- CVE-2015-0286Mar 19, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation a
- CVE-2015-0209Mar 19, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or
- CVE-2015-0205Jan 9, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowled
- CVE-2015-0204Jan 9, 2015affected < 4.8.6-7.1fixed 4.8.6-7.1
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncomp
Page 1 of 3