MariaDB — ответвление от системы управления базами данных MySQL, разрабатываемое сообществом под лицензией GNU GPL.

Релизный цикл, информация об уязвимостях

Продукт: MariaDB

Вендор: mariadb

График релизов

Недавние уязвимости MariaDB

Количество 2 149

CVE-2014-0221

больше 11 лет назад

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

CVSS2: 4.3

EPSS: Высокий

CVE-2014-0224

больше 11 лет назад

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

CVSS2: 5.8

EPSS: Критический

CVE-2014-3470

больше 11 лет назад

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

CVSS2: 4.3

EPSS: Критический

CVE-2014-0198

почти 12 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

CVSS2: 4.3

EPSS: Средний

CVE-2014-0198

почти 12 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...

CVSS2: 4.3

EPSS: Средний

CVE-2014-0198

почти 12 лет назад

CVSS2: 4.3

EPSS: Средний

CVE-2014-0198

почти 12 лет назад

CVSS2: 4.3

EPSS: Средний

CVE-2014-2440

почти 12 лет назад

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS2: 5.1

EPSS: Низкий

CVE-2014-2440

почти 12 лет назад

Unspecified vulnerability in the MySQL Client component in Oracle MySQ ...

CVSS2: 5.1

EPSS: Низкий

CVE-2014-2438

почти 12 лет назад

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

CVSS2: 3.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2014-0221 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.	CVSS2: 4.3	83% Высокий	больше 11 лет назад
CVE-2014-0224 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.	CVSS2: 5.8	93% Критический	больше 11 лет назад
CVE-2014-3470 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.	CVSS2: 4.3	91% Критический	больше 11 лет назад
CVE-2014-0198 The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.	CVSS2: 4.3	31% Средний	почти 12 лет назад
CVE-2014-0198 The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...	CVSS2: 4.3	31% Средний	почти 12 лет назад
CVE-2014-0198 The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.	CVSS2: 4.3	31% Средний	почти 12 лет назад
CVE-2014-0198 The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.	CVSS2: 4.3	31% Средний	почти 12 лет назад
CVE-2014-2440 Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.	CVSS2: 5.1	1% Низкий	почти 12 лет назад
CVE-2014-2440 Unspecified vulnerability in the MySQL Client component in Oracle MySQ ...	CVSS2: 5.1	1% Низкий	почти 12 лет назад
CVE-2014-2438 Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.	CVSS2: 3.5	1% Низкий	почти 12 лет назад

Уязвимостей на страницу