Vulnerabilities > Mariadb

DATE CVE VULNERABILITY TITLE RISK
2016-01-22 CVE-2015-7744 wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
network
high complexity
wolfssl opensuse mariadb
5.9
2016-01-21 CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
network
low complexity
opensuse oracle mariadb
6.5
2014-06-05 CVE-2014-0224 Inadequate Encryption Strength vulnerability in multiple products
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
7.4
2013-01-17 CVE-2013-0375 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
network
low complexity
oracle mariadb canonical redhat
5.4