rpm package

suse/mariadb&distro=SUSE Linux Enterprise Server for SAP Applications 12

pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Vulnerabilities (126)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-3243	Med	4.4	< 10.0.29-20.23.1	10.0.29-20.23.1	Jan 27, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise M
CVE-2017-3238	Med	6.5	< 10.0.29-20.23.1	10.0.29-20.23.1	Jan 27, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network acce
CVE-2016-6664	Hig	7.0	< 10.0.29-20.23.1	10.0.29-20.23.1	Dec 13, 2016	mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before
CVE-2016-6663	Hig	7.0	< 10.0.28-20.16.2	10.0.28-20.16.2	Dec 13, 2016	Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Perco
CVE-2016-7440	Med	5.5	< 10.0.28-20.16.2	10.0.28-20.16.2	Dec 13, 2016	The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
CVE-2016-8283	Med	4.3	< 10.0.28-20.16.2	10.0.28-20.16.2	Oct 25, 2016	Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-5629	Med	4.9	< 10.0.28-20.16.2	10.0.28-20.16.2	Oct 25, 2016	Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-5626	Med	6.5	< 10.0.28-20.16.2	10.0.28-20.16.2	Oct 25, 2016	Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5624	Med	6.5	< 10.0.28-20.16.2	10.0.28-20.16.2	Oct 25, 2016	Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5584	Med	4.4	< 10.0.28-20.16.2	10.0.28-20.16.2	Oct 25, 2016	Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
CVE-2016-3492	Med	6.5	< 10.0.28-20.16.2	10.0.28-20.16.2	Oct 25, 2016	Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-6662	Cri	9.8	< 10.0.27-20.13.1	10.0.27-20.13.1	Sep 20, 2016	Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary c
CVE-2016-5440	Med	4.9	< 10.0.26-20.10.2	10.0.26-20.10.2	Jul 21, 2016	Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
CVE-2016-3615	Med	5.3	< 10.0.26-20.10.2	10.0.26-20.10.2	Jul 21, 2016	Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
CVE-2016-3521	Med	6.5	< 10.0.26-20.10.2	10.0.26-20.10.2	Jul 21, 2016	Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-3477	Hig	8.1	< 10.0.26-20.10.2	10.0.26-20.10.2	Jul 21, 2016	Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Se
CVE-2015-3152	Med	5.9	< 10.0.20-18.1	10.0.20-18.1	May 16, 2016	Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack
CVE-2016-0668	Med	4.1	< 10.0.25-20.6.1	10.0.25-20.6.1	Apr 21, 2016	Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
CVE-2016-0666	Med	5.5	< 10.0.25-20.6.1	10.0.25-20.6.1	Apr 21, 2016	Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
CVE-2016-0655	Med	4.7	< 10.0.25-20.6.1	10.0.25-20.6.1	Apr 21, 2016	Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.

CVE-2017-3243MedJan 27, 2017
affected < 10.0.29-20.23.1fixed 10.0.29-20.23.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise M
CVE-2017-3238MedJan 27, 2017
affected < 10.0.29-20.23.1fixed 10.0.29-20.23.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network acce
CVE-2016-6664HigDec 13, 2016
affected < 10.0.29-20.23.1fixed 10.0.29-20.23.1
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before
CVE-2016-6663HigDec 13, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Perco
CVE-2016-7440MedDec 13, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
CVE-2016-8283MedOct 25, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-5629MedOct 25, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-5626MedOct 25, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5624MedOct 25, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5584MedOct 25, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
CVE-2016-3492MedOct 25, 2016
affected < 10.0.28-20.16.2fixed 10.0.28-20.16.2
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-6662CriSep 20, 2016
affected < 10.0.27-20.13.1fixed 10.0.27-20.13.1
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary c
CVE-2016-5440MedJul 21, 2016
affected < 10.0.26-20.10.2fixed 10.0.26-20.10.2
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
CVE-2016-3615MedJul 21, 2016
affected < 10.0.26-20.10.2fixed 10.0.26-20.10.2
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
CVE-2016-3521MedJul 21, 2016
affected < 10.0.26-20.10.2fixed 10.0.26-20.10.2
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-3477HigJul 21, 2016
affected < 10.0.26-20.10.2fixed 10.0.26-20.10.2
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Se
CVE-2015-3152MedMay 16, 2016
affected < 10.0.20-18.1fixed 10.0.20-18.1
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack
CVE-2016-0668MedApr 21, 2016
affected < 10.0.25-20.6.1fixed 10.0.25-20.6.1
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
CVE-2016-0666MedApr 21, 2016
affected < 10.0.25-20.6.1fixed 10.0.25-20.6.1
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
CVE-2016-0655MedApr 21, 2016
affected < 10.0.25-20.6.1fixed 10.0.25-20.6.1
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.

Page 2 of 7