U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:suse:linux_enterprise_desktop:12:-
There are 89 matching records.
Displaying matches 81 through 89.
Vuln ID Summary CVSS Severity
CVE-2014-4287

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.

Published: October 15, 2014; 11:55:06 AM -0400 		V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-4260

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

Published: July 17, 2014; 7:17:10 AM -0400 		V3.x:(not available)
 V2.0: 5.5 MEDIUM
CVE-2014-4258

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

Published: July 17, 2014; 7:17:10 AM -0400 		V3.x:(not available)
 V2.0: 6.5 MEDIUM
CVE-2014-4207

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

Published: July 17, 2014; 1:10:15 AM -0400 		V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-2494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

Published: July 17, 2014; 1:10:15 AM -0400 		V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Published: June 05, 2014; 5:55:07 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Published: June 05, 2014; 5:55:06 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2014-0198

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Published: May 06, 2014; 6:44:05 AM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2010-5298

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Published: April 14, 2014; 6:38:08 PM -0400 		V3.x:(not available)
 V2.0: 4.0 MEDIUM