rpm package
suse/libqt4-sql-plugins&distro=SUSE Linux Enterprise Software Development Kit 12
pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
Vulnerabilities (57)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-2333 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | May 14, 2012 | Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TL |
| CVE-2012-2110 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Apr 19, 2012 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corrup |
| CVE-2012-1165 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 15, 2012 | The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. |
| CVE-2012-0884 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Mar 13, 2012 | The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptiv |
| CVE-2006-7250 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Feb 29, 2012 | The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. |
| CVE-2012-0050 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 19, 2012 | OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. |
| CVE-2011-4619 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 6, 2012 | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. |
| CVE-2011-4577 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 6, 2012 | OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (A |
| CVE-2011-4576 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 6, 2012 | The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. |
| CVE-2011-4109 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 6, 2012 | Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. |
| CVE-2011-4108 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Jan 6, 2012 | The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. |
| CVE-2011-3210 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Sep 22, 2011 | The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order mess |
| CVE-2011-1945 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | May 31, 2011 | The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent |
| CVE-2011-0014 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Feb 19, 2011 | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-b |
| CVE-2010-4180 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Dec 6, 2010 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involv |
| CVE-2010-3864 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Nov 17, 2010 | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, |
| CVE-2010-2939 | — |  |  | < 4.8.6-7.1 | 4.8.6-7.1 | Aug 17, 2010 | Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitr |
Page 3 of 3