rpm package
suse/mariadb&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (126)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-0224 | Hig | 7.4 | < 10.0.16-15.1 | 10.0.16-15.1 | Jun 5, 2014 | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequen | |
| CVE-2014-0221 | — | < 10.0.16-15.1 | 10.0.16-15.1 | Jun 5, 2014 | The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. | ||
| CVE-2014-0195 | — | < 10.0.16-15.1 | 10.0.16-15.1 | Jun 5, 2014 | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of servi | ||
| CVE-2014-0198 | — | < 10.0.16-15.1 | 10.0.16-15.1 | May 6, 2014 | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and appli | ||
| CVE-2010-5298 | — | < 10.0.16-15.1 | 10.0.16-15.1 | Apr 14, 2014 | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multit | ||
| CVE-2012-5615 | — | < 10.0.16-15.1 | 10.0.16-15.1 | Dec 3, 2012 | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid u |
- affected < 10.0.16-15.1fixed 10.0.16-15.1
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequen
- CVE-2014-0221Jun 5, 2014affected < 10.0.16-15.1fixed 10.0.16-15.1
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
- CVE-2014-0195Jun 5, 2014affected < 10.0.16-15.1fixed 10.0.16-15.1
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of servi
- CVE-2014-0198May 6, 2014affected < 10.0.16-15.1fixed 10.0.16-15.1
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and appli
- CVE-2010-5298Apr 14, 2014affected < 10.0.16-15.1fixed 10.0.16-15.1
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multit
- CVE-2012-5615Dec 3, 2012affected < 10.0.16-15.1fixed 10.0.16-15.1
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid u
Page 7 of 7