CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. Multiple sec... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-2494 – mysql: unspecified vulnerability related to ENARC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-2494
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con ENARC. Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix th... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 7.4EPSS: 97%CPEs: 28EXPL: 7CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability
https://notcve.org/view.php?id=CVE-2014-0224
05 Jun 2014 — OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el proce... • https://packetstorm.news/files/id/180961 • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 7.5EPSS: 96%CPEs: 8EXPL: 3CVE-2014-0195 – OpenSSL DTLS Fragment Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0195
05 Jun 2014 — The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. La función dtls1_reassemble_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no valida debidamente lon... • https://packetstorm.news/files/id/180495 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 96%CPEs: 16EXPL: 0CVE-2014-0221 – openssl: DoS when sending invalid DTLS handshake
https://notcve.org/view.php?id=CVE-2014-0221
05 Jun 2014 — The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. La función dtls1_get_message_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h permite a atacantes remotos causar una denegación de servicio (recursión y caída de cliente) a través de un mensaje DT... • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 97%CPEs: 16EXPL: 0CVE-2014-3470 – openssl: client-side denial of service when using anonymous ECDH
https://notcve.org/view.php?id=CVE-2014-3470
05 Jun 2014 — The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a... • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 61%CPEs: 13EXPL: 0CVE-2014-0198 – openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
https://notcve.org/view.php?id=CVE-2014-0198
05 May 2014 — The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. La función do_ssl3_write en s3_pkt.c en OpenSSL 1.x hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, no maneja debidamente un puntero de buffer durante ciertas... • http://advisories.mageia.org/MGASA-2014-0204.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 23EXPL: 0CVE-2014-2440 – Gentoo Linux Security Advisory 201409-04
https://notcve.org/view.php?id=CVE-2014-2440
16 Apr 2014 — Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente MySQL Client en Oracle MySQL 5.5.36 y anteriores y 5.6.16 y anteriores, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. Unspecified vulnerability in the MySQL Server component in... • http://rhn.redhat.com/errata/RHSA-2014-0522.html •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-2432 – mysql: unspecified DoS related to Federated (CPU April 2014)
https://notcve.org/view.php?id=CVE-2014-2432
16 Apr 2014 — Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated. Vulnerabilidad no especificada en el componente de Oracle MySQL Server 5.5.35 y anteriores y 5.6.15 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Federated. Unspecified vulnerability in the MySQL Server component in Oracle MyS... • http://rhn.redhat.com/errata/RHSA-2014-0522.html •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-2430 – mysql: unspecified DoS related to Performance Schema (CPU April 2014)
https://notcve.org/view.php?id=CVE-2014-2430
16 Apr 2014 — Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.36 y anteriores y 5.6.16 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Performance Schema. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 ... • http://rhn.redhat.com/errata/RHSA-2014-0522.html •