rpm package
suse/python-mysqlclient&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (219)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-4792 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. | ||
| CVE-2012-5627 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Oct 1, 2013 | Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force passwor | ||
| CVE-2013-1976 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Jul 9, 2013 | The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) to | ||
| CVE-2012-4414 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Jan 22, 2013 | Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vec | ||
| CVE-2012-5615 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Dec 3, 2012 | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid u | ||
| CVE-2012-5612 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Dec 3, 2012 | Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated | ||
| CVE-2012-5611 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Dec 3, 2012 | Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenti | ||
| CVE-2009-4030 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Nov 30, 2009 | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables | ||
| CVE-2009-4028 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Nov 30, 2009 | The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a | ||
| CVE-2009-4019 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Nov 30, 2009 | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, whic | ||
| CVE-2008-7247 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Nov 30, 2009 | sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) | ||
| CVE-2008-2079 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | May 5, 2008 | MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL | ||
| CVE-2007-6304 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Dec 10, 2007 | The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the mi | ||
| CVE-2007-6303 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Dec 10, 2007 | MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW state | ||
| CVE-2007-5970 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Dec 10, 2007 | MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a tabl | ||
| CVE-2007-5969 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Dec 10, 2007 | MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to | ||
| CVE-2006-4227 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Aug 18, 2006 | MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT E | ||
| CVE-2006-4226 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Aug 18, 2006 | MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. | ||
| CVE-2006-0903 | — | < 1.3.14-8.9.2 | 1.3.14-8.9.2 | Feb 27, 2006 | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states |
- CVE-2015-4792Oct 21, 2015affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
- CVE-2012-5627Oct 1, 2013affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force passwor
- CVE-2013-1976Jul 9, 2013affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) to
- CVE-2012-4414Jan 22, 2013affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vec
- CVE-2012-5615Dec 3, 2012affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid u
- CVE-2012-5612Dec 3, 2012affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated
- CVE-2012-5611Dec 3, 2012affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenti
- CVE-2009-4030Nov 30, 2009affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables
- CVE-2009-4028Nov 30, 2009affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a
- CVE-2009-4019Nov 30, 2009affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, whic
- CVE-2008-7247Nov 30, 2009affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1)
- CVE-2008-2079May 5, 2008affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL
- CVE-2007-6304Dec 10, 2007affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the mi
- CVE-2007-6303Dec 10, 2007affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW state
- CVE-2007-5970Dec 10, 2007affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a tabl
- CVE-2007-5969Dec 10, 2007affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to
- CVE-2006-4227Aug 18, 2006affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT E
- CVE-2006-4226Aug 18, 2006affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
- CVE-2006-0903Feb 27, 2006affected < 1.3.14-8.9.2fixed 1.3.14-8.9.2
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states
Page 11 of 11