rpm package
suse/mariadb&distro=SUSE Linux Enterprise Desktop 12
pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
Vulnerabilities (92)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-4274 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Oct 15, 2014 | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM. |
| CVE-2014-4260 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Jul 17, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. |
| CVE-2014-4258 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Jul 17, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. |
| CVE-2014-4207 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Jul 17, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. |
| CVE-2014-2494 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Jul 17, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. |
| CVE-2014-3470 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Jun 5, 2014 | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by trigge |
| CVE-2014-0224 | Hig | 7.4 | | < 10.0.16-15.1 | 10.0.16-15.1 | Jun 5, 2014 | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequen |
| CVE-2014-0221 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Jun 5, 2014 | The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. |
| CVE-2014-0195 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Jun 5, 2014 | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of servi |
| CVE-2014-0198 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | May 6, 2014 | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and appli |
| CVE-2010-5298 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Apr 14, 2014 | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multit |
| CVE-2012-5615 | — | | | < 10.0.16-15.1 | 10.0.16-15.1 | Dec 3, 2012 | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid u |
Page 5 of 5