ID CVE-2014-4258 Type cve Reporter NVD Modified 2017-08-28T21:34:55
Description
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
{"result": {"openvas": [{"id": "OPENVAS:1361412562310808131", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-19 Jun16 (Linux)", "description": "This host is running Oracle MySQL\n and is prone to multiple unspecified vulnerabilities.", "published": "2016-06-03T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808131", "cvelist": ["CVE-2014-4260", "CVE-2014-4258"], "lastseen": "2017-10-25T14:43:04"}, {"id": "OPENVAS:1361412562310804722", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified vulnerabilities-02 July14 (Windows)", "description": "This host is running Oracle MySQL and is prone to multiple unspecified\nvulnerabilities.", "published": "2014-07-24T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804722", "cvelist": ["CVE-2014-4260", "CVE-2014-4258"], "lastseen": "2017-10-25T14:32:51"}, {"id": "OPENVAS:1361412562310702985", "type": "openvas", "title": "Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "published": "2014-07-22T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702985", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2018-04-06T11:12:39"}, {"id": "OPENVAS:1361412562310841905", "type": "openvas", "title": "Ubuntu Update for mysql-5.5 USN-2291-1", "description": "Check for the Version of mysql-5.5", "published": "2014-07-21T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841905", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2018-04-09T11:12:28"}, {"id": "OPENVAS:702985", "type": "openvas", "title": "Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "published": "2014-07-22T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702985", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2017-08-02T10:49:14"}, {"id": "OPENVAS:1361412562310850819", "type": "openvas", "title": "SuSE Update for MySQL SUSE-SU-2014:1072-1 (MySQL)", "description": "Check the version of MySQL", "published": "2015-10-13T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850819", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "lastseen": "2017-12-12T11:16:30"}, {"id": "OPENVAS:1361412562310882083", "type": "openvas", "title": "CentOS Update for mariadb CESA-2014:1861 centos7 ", "description": "Check the version of mariadb", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882083", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-07-25T10:48:46"}, {"id": "OPENVAS:1361412562310871293", "type": "openvas", "title": "RedHat Update for mysql55-mysql RHSA-2014:1859-01", "description": "Check the version of mysql55-mysql", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871293", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-08-04T10:48:43"}, {"id": "OPENVAS:1361412562310123248", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1859", "description": "Oracle Linux Local Security Checks ELSA-2014-1859", "published": "2015-10-06T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123248", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-07-24T12:53:38"}, {"id": "OPENVAS:1361412562310882084", "type": "openvas", "title": "CentOS Update for mysql55-mysql CESA-2014:1859 centos5 ", "description": "Check the version of mysql55-mysql", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882084", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-08-04T10:48:58"}], "kaspersky": [{"id": "KLA10265", "type": "kaspersky", "title": "\r KLA10265Multiple vulnerabilities in MySQL\t\t\t ", "description": "### *CVSS*:\n6.5\n\n### *Detect date*:\n07/17/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in MySQL Server. By exploiting these vulnerabilities malicious users can affect integrity, confidentiality and availability. These vulnerabilities can be exploited remotely at vectors related to SRCHAR, SRINFOSC and ENFED.\n\n### *Affected products*:\nOracle MySQL Server versions 5.5.37 and earlier \nOracle MySQL Server 5.6 versions 5.6.17 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[MySQL](<https://threats.kaspersky.com/en/product/MySQL/>)\n\n### *CVE-IDS*:\n[CVE-2014-4260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260>) \n[CVE-2014-4258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258>) \n[CVE-2014-4243](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243>)", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10265", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4243"], "lastseen": "2018-03-30T14:11:40"}], "debian": [{"id": "DSA-2985", "type": "debian", "title": "mysql-5.5 -- security update", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:\n\n * <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html>\n * <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html>\n\nFor the stable distribution (wheezy), these problems have been fixed in version 5.5.38-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.", "published": "2014-07-22T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2985", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2017-10-05T13:12:11"}], "ubuntu": [{"id": "USN-2291-1", "type": "ubuntu", "title": "MySQL vulnerabilities", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html> <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html>", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2291-1/", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2018-03-29T18:21:04"}], "nessus": [{"id": "DEBIAN_DSA-2985.NASL", "type": "nessus", "title": "Debian DSA-2985-1 : mysql-5.5 - security update", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :\n\n - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 38.html\n - http://www.oracle.com/technetwork/topics/security/cpujul 2014-1972956.html", "published": "2014-07-23T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76690", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2017-10-29T13:37:01"}, {"id": "MYSQL_5_5_38.NASL", "type": "nessus", "title": "MySQL 5.5.x < 5.5.38 MySQL Multiple Vulnerabilities", "description": "The version of MySQL 5.5.x installed on the remote host is prior to 5.5.38. It is, therefore, affected by errors in the following components :\n\n - ENARC\n - SRCHAR\n - SRINFOSC\n - SROPTZR", "published": "2014-07-16T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76529", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2017-10-29T13:43:34"}, {"id": "UBUNTU_USN-2291-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2291-1)", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.h tml.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-07-18T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76586", "cvelist": ["CVE-2014-4260", "CVE-2014-4258", "CVE-2014-2494", "CVE-2014-4207"], "lastseen": "2017-10-29T13:37:32"}, {"id": "MYSQL_5_6_19.NASL", "type": "nessus", "title": "MySQL 5.6.x < 5.6.19 Multiple Vulnerabilities", "description": "The version of MySQL 5.6.x installed on the remote host is prior to 5.6.19. It is, therefore, affected by vulnerabilities in the following components :\n\n - SRCHAR\n - SRFTS\n - SRINFOSC\n - SROPTZR\n - SRREP\n - SRREP\n - SRSP", "published": "2014-07-16T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76530", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2484", "CVE-2014-4240"], "lastseen": "2017-10-29T13:42:18"}, {"id": "SUSE_11_LIBMYSQL55CLIENT18-140820.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)", "description": "This MySQL update provides the following :\n\n - upgrade to version 5.5.39, [bnc#887580]\n\n - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 / CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 / CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 / CVE-2014-4214 / CVE-2014-4243) See also:\n http://www.oracle.com/technetwork/topics/security/cpujul 2014-1972956.html", "published": "2014-08-29T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=77435", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "lastseen": "2017-10-29T13:36:46"}, {"id": "SUSE_11_LIBMYSQL55CLIENT18-140819.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)", "description": "This MySQL update provides the following :\n\n - upgrade to version 5.5.39, [bnc#887580]\n\n - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 / CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 / CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 / CVE-2014-4214 / CVE-2014-4243) See also:\n http://www.oracle.com/technetwork/topics/security/cpujul 2014-1972956.html", "published": "2014-08-29T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=77434", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "lastseen": "2017-10-29T13:40:45"}, {"id": "ORACLELINUX_ELSA-2014-1861.NASL", "type": "nessus", "title": "Oracle Linux 7 : mariadb (ELSA-2014-1861)", "description": "From Red Hat Security Advisory 2014:1861 :\n\nUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "published": "2014-11-21T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79370", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-29T13:42:32"}, {"id": "SL_20141117_MARIADB_ON_SL7_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64", "description": "This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79304", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-29T13:37:50"}, {"id": "REDHAT-RHSA-2014-1861.NASL", "type": "nessus", "title": "RHEL 7 : mariadb (RHSA-2014:1861)", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79303", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-29T13:33:45"}, {"id": "CENTOS_RHSA-2014-1861.NASL", "type": "nessus", "title": "CentOS 7 : mariadb (CESA-2014:1861)", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79300", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-29T13:34:45"}], "suse": [{"id": "SUSE-SU-2014:1072-1", "type": "suse", "title": "Security update for MySQL (important)", "description": "This MySQL update provides the following:\n\n * upgrade to version 5.5.39, [bnc#887580]\n * CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260,\n CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233,\n CVE-2014-4240, CVE-2014-4214, CVE-2014-4243\n\n See also:\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a>\n <<a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\">http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html</a>>\n\n Security Issues:\n\n * CVE-2014-2484\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484</a>>\n * CVE-2014-4258\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258</a>>\n * CVE-2014-4260\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260</a>>\n * CVE-2014-2494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494</a>>\n * CVE-2014-4238\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238</a>>\n * CVE-2014-4207\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207</a>>\n * CVE-2014-4233\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233</a>>\n * CVE-2014-4240\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240</a>>\n * CVE-2014-4214\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214</a>>\n * CVE-2014-4243\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243</a>>\n\n", "published": "2014-08-28T19:04:39", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "cvelist": ["CVE-2014-4238", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-4233", "CVE-2014-4214", "CVE-2014-2494", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2484", "CVE-2014-4240"], "lastseen": "2016-09-04T11:49:16"}, {"id": "SUSE-SU-2015:0743-1", "type": "suse", "title": "Security update for mariadb (important)", "description": "mariadb was updated to version 10.0.16 to fix 40 security issues.\n\n These security issues were fixed:\n - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors related\n to Server : Security : Encryption (bnc#915911).\n - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0381 (bnc#915911).\n - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0382 (bnc#915911).\n - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier allowed remote authenticated users to affect availability\n via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911).\n - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote authenticated users\n to affect availability via vectors related to Server : InnoDB : DML\n (bnc#915911).\n - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote authenticated users to\n affect confidentiality via unknown vectors related to Server : Security\n : Privileges : Foreign Key (bnc#915911).\n - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to SERVER:DML (bnc#915912).\n - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500\n (bnc#915912).\n - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491\n (bnc#915912).\n - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and eariler and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912).\n - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect confidentiality, integrity, and availability via vectors related\n to SERVER:DML (bnc#915912).\n - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n (bnc#915912).\n - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6496 (bnc#915912).\n - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6494 (bnc#915912).\n - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:INNODB DML FOREIGN\n KEYS (bnc#915912).\n - CVE-2010-5298: Race condition in the ssl3_read_bytes function in\n s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is\n enabled, allowed remote attackers to inject data across sessions or\n cause a denial of service (use-after-free and parsing error) via an SSL\n connection in a multithreaded environment (bnc#873351).\n - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allowed remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (bnc#880891).\n - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not\n properly manage a buffer pointer during certain recursive calls, which\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors that trigger an alert\n condition (bnc#876282).\n - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\n allowed remote attackers to cause a denial of service (recursion and\n client crash) via a DTLS hello message in an invalid DTLS handshake\n (bnc#915913).\n - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h did not properly restrict processing of ChangeCipherSpec\n messages, which allowed man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a\n crafted TLS handshake, aka the "CCS Injection" vulnerability\n (bnc#915913).\n - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h,\n when an anonymous ECDH cipher suite is used, allowed remote attackers to\n cause a denial of service (NULL pointer dereference and client crash) by\n triggering a NULL certificate value (bnc#915913).\n - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:MEMCACHED (bnc#915913).\n - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect integrity and\n availability via vectors related to SERVER:SP (bnc#915913).\n - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913).\n - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and\n MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions,\n generates different error messages with different time delays depending\n on whether a user name exists, which allowed remote attackers to\n enumerate valid usernames (bnc#915913).\n - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:MyISAM (bnc#896400).\n - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:CHARACTER SETS\n (bnc#915913).\n - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:REPLICATION ROW FORMAT\n BINARY LOG DML (bnc#915913).\n - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:DML (bnc#915913).\n - CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n availability via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:MEMORY STORAGE\n ENGINE (bnc#915913).\n - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:DDL (bnc#915913).\n - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to CLIENT:MYSQLDUMP (bnc#915913).\n - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913).\n - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to DDL (bnc#915913).\n - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote\n authenticated users to affect confidentiality, integrity, and\n availability via vectors related to SRINFOSC (bnc#915914).\n - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed\n remote authenticated users to affect integrity and availability via\n vectors related to SRCHAR (bnc#915914).\n - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to ENARC (bnc#915914).\n - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to SROPTZR (bnc#915914).\n\n These non-security issues were fixed:\n - Get query produced incorrect results in MariaDB 10.0.11 vs MySQL 5.5 -\n SLES12 (bnc#906194).\n - After update to version 10.0.14 mariadb did not start - Job for\n mysql.service failed (bnc#911442).\n - Fix crash when disk full situation is reached on alter table\n (bnc#904627).\n - Allow md5 in FIPS mode (bnc#911556).\n - Fixed a situation when bit and hex string literals unintentionally\n changed column names (bnc#919229).\n\n Release notes: <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10016-release-notes/\">https://kb.askmonty.org/en/mariadb-10016-release-notes/</a>\n\n", "published": "2015-04-21T19:05:04", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-0224", "CVE-2014-6484", "CVE-2015-0391", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-3470", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2010-5298", "CVE-2015-0382", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-6478", "CVE-2015-0374", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6568", "CVE-2014-4207", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381"], "lastseen": "2016-09-04T12:23:04"}], "redhat": [{"id": "RHSA-2014:1861", "type": "redhat", "title": "(RHSA-2014:1861) Important: mariadb security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1861", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-04-15T18:30:18"}, {"id": "RHSA-2014:1860", "type": "redhat", "title": "(RHSA-2014:1860) Important: mysql55-mysql security update", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1860", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-03-28T05:49:11"}, {"id": "RHSA-2014:1862", "type": "redhat", "title": "(RHSA-2014:1862) Important: mariadb55-mariadb security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1862", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-03-28T07:55:45"}, {"id": "RHSA-2014:1937", "type": "redhat", "title": "(RHSA-2014:1937) Important: mariadb-galera security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "published": "2014-12-02T21:39:58", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1937", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-03-10T07:18:23"}, {"id": "RHSA-2014:1940", "type": "redhat", "title": "(RHSA-2014:1940) Important: mariadb-galera security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "published": "2014-12-02T21:44:45", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1940", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-03-19T19:50:20"}, {"id": "RHSA-2014:1859", "type": "redhat", "title": "(RHSA-2014:1859) Important: mysql55-mysql security update", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1859", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2017-09-09T07:19:27"}], "oraclelinux": [{"id": "ELSA-2014-1859", "type": "oraclelinux", "title": "mysql55-mysql security update", "description": "[5.5.40-2]\nfilter perl(GD) from Requires (perl-gd is not available for RHEL5)\n Resolves: #1160514\n[5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160514", "published": "2014-11-17T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1859.html", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2016-09-04T11:17:12"}, {"id": "ELSA-2014-1861", "type": "oraclelinux", "title": "mariadb security update", "description": "[1:5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160548\n[1:5.5.37-1]\n- Rebase to 5.5.37\n https://kb.askmonty.org/en/mariadb-5537-changelog/\n Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431\n CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419\n Resolves: #1101062", "published": "2014-11-17T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1861.html", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-2440", "CVE-2014-4260", "CVE-2014-2432", "CVE-2014-2419", "CVE-2014-4258", "CVE-2014-2436", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-2431", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-2430", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2438", "CVE-2014-0384", "CVE-2014-4287"], "lastseen": "2016-09-04T11:16:47"}], "centos": [{"id": "CESA-2014:1861", "type": "centos", "title": "mariadb security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:1861\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1861.html", "published": "2014-11-17T17:32:07", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-03T18:25:41"}, {"id": "CESA-2014:1859", "type": "centos", "title": "mysql55 security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:1859\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1859.html", "published": "2014-11-17T17:35:05", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-03T18:25:28"}], "oracle": [{"id": "ORACLE:CPUJUL2014-1972956", "type": "oracle", "title": "Oracle Critical Patch Update - July 2014", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are generally cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 113 new security fixes across the product families listed below.\n\nPlease note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\nPlease note that on April 18, 2014, Oracle released a [Security Alert for CVE-2014-0160 OpenSSL \"Heartbleed\"](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html>). This Critical Patch Update includes an update to MySQL Enterprise Server 5.6 and this update includes a fix for vulnerability CVE-2014-0160. Customers of other Oracle products are strongly advised to apply the [fixes ](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) that were announced in the Security Alert for CVE-2014-0160.\n", "published": "2014-07-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2014-2482", "CVE-2012-3544", "CVE-2014-4224", "CVE-2014-4208", "CVE-2014-4213", "CVE-2014-4262", "CVE-2014-4242", "CVE-2014-2490", "CVE-2014-4226", "CVE-2014-4251", "CVE-2014-4263", "CVE-2014-4238", "CVE-2014-2481", "CVE-2013-3774", "CVE-2014-2480", "CVE-2014-4250", "CVE-2014-4260", "CVE-2014-2479", "CVE-2014-4218", "CVE-2014-4254", "CVE-2014-4258", "CVE-2014-4221", "CVE-2013-6449", "CVE-2014-4255", "CVE-2014-4253", "CVE-2014-4268", "CVE-2013-2172", "CVE-2014-4203", "CVE-2014-4265", "CVE-2014-4231", "CVE-2014-4201", "CVE-2014-4233", "CVE-2013-5855", "CVE-2014-4210", "CVE-2014-4229", "CVE-2013-5605", "CVE-2014-0224", "CVE-2014-4267", "CVE-2014-4266", "CVE-2014-2486", "CVE-2014-4270", "CVE-2014-0098", "CVE-2014-4214", "CVE-2014-2485", "CVE-2014-4222", "CVE-2013-1741", "CVE-2014-4257", "CVE-2014-4244", "CVE-2014-2494", "CVE-2014-2487", "CVE-2014-4205", "CVE-2014-4261", "CVE-2014-0436", "CVE-2013-1740", "CVE-2014-2493", "CVE-2014-4206", "CVE-2014-0099", "CVE-2013-6438", "CVE-2014-3470", "CVE-2014-2488", "CVE-2013-1739", "CVE-2014-4215", "CVE-2014-0119", "CVE-2014-1492", "CVE-2014-4209", "CVE-2013-6450", "CVE-2014-4245", "CVE-2013-5606", "CVE-2014-0114", "CVE-2014-0211", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-2461", "CVE-2014-1490", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4286", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-4234", "CVE-2014-2489", "CVE-2014-0195", "CVE-2014-4269", "CVE-2014-0198", "CVE-2014-4216", "CVE-2014-4230", "CVE-2013-3751", "CVE-2014-4264", "CVE-2014-2477", "CVE-2014-4220", "CVE-2014-4237", "CVE-2014-4204", "CVE-2014-0096", "CVE-2014-4243", "CVE-2014-4217", "CVE-2014-4239", "CVE-2014-4248", "CVE-2014-0075", "CVE-2014-4211", "CVE-2014-2496", "CVE-2014-2483", "CVE-2014-4235", "CVE-2014-0033", "CVE-2014-4225", "CVE-2014-4241", "CVE-2014-4246", "CVE-2014-4207", "CVE-2014-4232", "CVE-2014-4256", "CVE-2014-1491", "CVE-2014-4227", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-2492", "CVE-2014-4228", "CVE-2014-4202", "CVE-2014-4212", "CVE-2014-2484", "CVE-2014-4236", "CVE-2014-4240", "CVE-2014-4219", "CVE-2014-2456", "CVE-2014-4249", "CVE-2013-1620", "CVE-2014-4223", "CVE-2014-4271", "CVE-2014-0221", "CVE-2014-2491", "CVE-2014-2495"], "lastseen": "2018-04-18T20:23:45"}]}}