Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-16	CVE-2015-3152	Improper Certificate Validation vulnerability in multiple products Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. network oracle mariadb fedoraproject debian redhat php CWE-295	4.3
2016-05-05	CVE-2016-3718	Server-Side Request Forgery (SSRF) vulnerability in multiple products The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse CWE-918	5.5
2016-05-05	CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse	5.5
2016-04-21	CVE-2016-0642	Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. network oracle suse opensuse redhat mariadb debian canonical	4.3
2016-02-13	CVE-2015-8631	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. network low complexity mit opensuse debian redhat oracle CWE-772	4.0
2015-10-21	CVE-2015-4879	Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. network high complexity oracle debian canonical mariadb redhat fedoraproject	4.6
2015-10-21	CVE-2015-4870	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. network low complexity oracle opensuse mariadb canonical debian redhat fedoraproject	4.0
2015-10-21	CVE-2015-4858	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. network low complexity oracle opensuse mariadb canonical debian redhat fedoraproject	4.0
2015-10-21	CVE-2015-4830	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. network low complexity oracle mariadb canonical debian suse redhat opensuse fedoraproject	4.0
2015-10-21	CVE-2015-4826	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. network low complexity oracle opensuse mariadb canonical debian redhat fedoraproject	4.0