ID MYSQL_5_7_22_RPM.NASL Type nessus Reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2018-04-19T00:00:00
Description
The version of MySQL running on the remote host is 5.7.x prior to
5.7.22. It is, therefore, affected by multiple vulnerabilities as
noted in the April 2018 Critical Patch Update advisory. Please consult
the CVRF details for the applicable CVEs for additional information.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Plugin registration. This branch only records metadata (identifiers,
# references, scoring, run conditions); the exit(0) at its end stops the
# script before the package check that follows the block.
if (description)
{
  script_id(109171);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");

  # The 29 CVE identifiers this finding is reported against.
  script_cve_id(
    "CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2761",
    "CVE-2018-2762", "CVE-2018-2766", "CVE-2018-2769", "CVE-2018-2771",
    "CVE-2018-2773", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777",
    "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781",
    "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787",
    "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2816",
    "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2839",
    "CVE-2018-2846"
  );
  # Matching Bugtraq identifiers (16 entries).
  script_bugtraq_id(
    103777, 103778, 103779, 103780, 103781, 103783, 103785, 103786,
    103787, 103789, 103802, 103804, 103814, 103824, 103828, 103830
  );

  script_name(english:"MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:"The remote database server is affected by multiple vulnerabilities.");
  # NOTE(review): the text below speaks of a self-reported version number,
  # while this plugin registers itself as a local check (plugin_type "local")
  # gated on RPM-based distro release keys. Either way the finding rests on a
  # version comparison and not on exercising the flaws. Whether
  # distro-backported fixes are taken into account depends on
  # mysql_check_rpms, which is not visible in this file - confirm before
  # treating a hit (or a miss) as conclusive.
  # The continuation lines of the string stay at column 0 so that the
  # reported text is unchanged.
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.7.x prior to
5.7.22. It is, therefore, affected by multiple vulnerabilities as
noted in the April 2018 Critical Patch Update advisory. Please consult
the CVRF details for the applicable CVEs for additional information.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");

  # References. The comment above each shortened nessus.org link gives the
  # URL it stands for.
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html");
  # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76507bf8");
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?64303a9a");

  script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 5.7.22 or later.");

  # Scoring. Both base vectors describe a network-reachable, low-complexity
  # issue that requires an authenticated account (v2 Au:S, v3 PR:H) and has
  # no confidentiality impact (C:N); the v3 vector rates availability impact
  # as high (A:H). The temporal vectors record an unproven exploit (E:U), an
  # official fix and a confirmed report. cvss_score_source names
  # CVE-2018-2812 as the CVE the score is taken from.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2812");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/19");

  # Execution context: a local check; "agent" = "unix" presumably marks it as
  # runnable by Nessus agents on Unix-like hosts - confirm.
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected product (cpe:) and the per-distribution package CPEs (p-cpe:).
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Run conditions. The plugin depends on ssh_get_info.nasl and requires the
  # Host/local_checks_enabled KB key, so it presumably produces no result on
  # an uncredentialed scan; the absence of this finding there does not show
  # that the host is patched.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled");
  # NOTE(review): KB release keys are passed to script_require_ports rather
  # than script_require_keys; this looks like an "any one of these distros"
  # gate - confirm against the NASL reference.
  script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");

  exit(0);
}
include("mysql_version.inc");
# Version window for the check: the plugin title describes it as
# "5.7.x < 5.7.22", i.e. packages in the 5.7 series older than the fixed
# release.
fix_version = "5.7.22";
exists_version = "5.7";

# mysql_check_rpms and the default_mysql_* lists are not defined in this
# file; presumably they come from mysql_version.inc, included just above.
# The per-distro OS lists and the package list decide which hosts and RPMs
# are compared, so the precision of this finding depends on that helper.
# SECURITY_WARNING is the severity constant handed to the helper for
# reporting.
mysql_check_rpms(
  mysql_packages:default_mysql_rpm_list_all,
  fix_ver:fix_version,
  exists_ver:exists_version,
  rhel_os_list:default_mysql_rhel_os_list,
  centos_os_list:default_mysql_centos_os_list,
  suse_os_list:default_mysql_suse_os_list,
  ala_os_list:default_mysql_ala_os_list,
  severity:SECURITY_WARNING
);
{"id": "MYSQL_5_7_22_RPM.NASL", "bulletinFamily": "scanner", "title": "MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)", "description": "The version of MySQL running on the remote host is 5.7.x prior to\n5.7.22. It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "published": "2018-04-19T00:00:00", "modified": "2018-04-19T00:00:00", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/109171", "reporter": "This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?64303a9a", "https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html", "http://www.nessus.org/u?76507bf8"], "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "type": "nessus", "lastseen": "2020-09-14T16:24:54", "edition": 20, "viewCount": 348, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K32702281", "F5:K71231825", "F5:K02212309", "F5:K82350223", "F5:K27992001", "F5:K03551138"]}, {"type": "nessus", "idList": ["FEDORA_2018-86026275EA.NASL", "FEDORA_2018-8B920C2B00.NASL", "FEDORA_2018-00E90783D2.NASL", "UBUNTU_USN-3629-1.NASL", "FREEBSD_PKG_57AEC168453E11E88777B499BAEBFEAF.NASL", 
"ALA_ALAS-2018-1026.NASL", "FEDORA_2018-7025A5C25D.NASL", "FEDORA_2018-2513B888A4.NASL", "UBUNTU_USN-3629-3.NASL", "MYSQL_5_7_22.NASL"]}, {"type": "amazon", "idList": ["ALAS-2018-1026", "ALAS-2018-1028", "ALAS-2018-1027"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874736", "OPENVAS:1361412562310852040", "OPENVAS:1361412562310843517", "OPENVAS:1361412562310813147", "OPENVAS:1361412562310813148", "OPENVAS:1361412562310843513", "OPENVAS:1361412562310874709", "OPENVAS:1361412562310813146", "OPENVAS:1361412562310874489", "OPENVAS:1361412562310851797"]}, {"type": "ubuntu", "idList": ["USN-3629-3", "USN-3629-1", "USN-3629-2"]}, {"type": "fedora", "idList": ["FEDORA:A4AB861361C8", "FEDORA:0CBE260E86FA", "FEDORA:8DE4F613FFDF", "FEDORA:5D69F601CACB", "FEDORA:C9D70604239F", "FEDORA:9509C6014637", "FEDORA:DDCB860779BD", "FEDORA:F1E6961A519A", "FEDORA:B87EA60769EE"]}, {"type": "freebsd", "idList": ["57AEC168-453E-11E8-8777-B499BAEBFEAF"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1595-1", "OPENSUSE-SU-2018:1800-1"]}, {"type": "redhat", "idList": ["RHSA-2018:1254"]}, {"type": "slackware", "idList": ["SSA-2018-130-01"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4176-1:98D3A", "DEBIAN:DLA-1355-1:BC9FB"]}, {"type": "cve", "idList": ["CVE-2018-2782", "CVE-2018-2777", "CVE-2018-2775", "CVE-2018-2758", "CVE-2018-2810", "CVE-2018-2784", "CVE-2018-2778", "CVE-2018-2846", "CVE-2018-2759", "CVE-2018-2839"]}], "modified": "2020-09-14T16:24:54", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2020-09-14T16:24:54", "rev": 2}, "vulnersScore": 6.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109171);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2758\",\n \"CVE-2018-2759\",\n \"CVE-2018-2761\",\n \"CVE-2018-2762\",\n \"CVE-2018-2766\",\n \"CVE-2018-2769\",\n 
\"CVE-2018-2771\",\n \"CVE-2018-2773\",\n \"CVE-2018-2775\",\n \"CVE-2018-2776\",\n \"CVE-2018-2777\",\n \"CVE-2018-2778\",\n \"CVE-2018-2779\",\n \"CVE-2018-2780\",\n \"CVE-2018-2781\",\n \"CVE-2018-2782\",\n \"CVE-2018-2784\",\n \"CVE-2018-2786\",\n \"CVE-2018-2787\",\n \"CVE-2018-2810\",\n \"CVE-2018-2812\",\n \"CVE-2018-2813\",\n \"CVE-2018-2816\",\n \"CVE-2018-2817\",\n \"CVE-2018-2818\",\n \"CVE-2018-2819\",\n \"CVE-2018-2839\",\n \"CVE-2018-2846\"\n );\n script_bugtraq_id(\n 103777,\n 103778,\n 103779,\n 103780,\n 103781,\n 103783,\n 103785,\n 103786,\n 103787,\n 103789,\n 103802,\n 103804,\n 103814,\n 103824,\n 103828,\n 103830\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.22. It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. 
Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64303a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2812\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.7.22\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "naslFamily": "Databases", "pluginID": "109171", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "cpe:/a:oracle:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:amazon:linux:mysql"], "scheme": null, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}}
{"f5": [{"lastseen": "2019-11-20T23:51:52", "bulletinFamily": "software", "cvelist": ["CVE-2018-2817", "CVE-2018-2819", "CVE-2018-2818", "CVE-2018-2846", "CVE-2018-2839"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-24T17:13:00", "published": "2018-04-24T17:13:00", "id": "F5:K03551138", "href": "https://support.f5.com/csp/article/K03551138", "title": "MySQL vulnerabilities CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, and CVE-2018-2846", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-11-21T01:23:10", "bulletinFamily": "software", "cvelist": ["CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2758"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding 
F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-25T00:37:00", "published": "2018-04-25T00:37:00", "id": "F5:K02212309", "href": "https://support.f5.com/csp/article/K02212309", "title": "MySQL vulnerabilities CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761, and CVE-2018-2762", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-25T19:33:50", "bulletinFamily": "software", "cvelist": ["CVE-2018-2775", "CVE-2018-2769", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2773"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-05-07T21:14:00", "published": "2018-05-07T21:14:00", "id": "F5:K82350223", "href": "https://support.f5.com/csp/article/K82350223", "title": "MySQL vulnerabilities CVE-2018-2766, CVE-2018-2769, CVE-2018-2771, CVE-2018-2773, and CVE-2018-2775", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-11-19T21:21:44", "bulletinFamily": "software", "cvelist": ["CVE-2018-2786", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2782"], "description": "\nF5 Product Development has evaluated 
the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-24T17:18:00", "published": "2018-04-24T17:18:00", "id": "F5:K32702281", "href": "https://support.f5.com/csp/article/K32702281", "title": "Oracle MySQL vulnerabilities CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, and CVE-2018-2787", "type": "f5", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-11-22T09:22:49", "bulletinFamily": "software", "cvelist": ["CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2816", "CVE-2018-2805", "CVE-2018-2813"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-24T17:34:00", 
"published": "2018-04-24T17:34:00", "id": "F5:K27992001", "href": "https://support.f5.com/csp/article/K27992001", "title": "MySQL vulnerabilities CVE-2018-2805, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, and CVE-2018-2816", "type": "f5", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-11-19T03:29:17", "bulletinFamily": "software", "cvelist": ["CVE-2018-2776", "CVE-2018-2778", "CVE-2018-2777", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2779"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-24T17:27:00", "published": "2018-04-24T17:27:00", "id": "F5:K71231825", "href": "https://support.f5.com/csp/article/K71231825", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T03:54:32", "description": "The version of MySQL running on the remote host is 5.7.x prior to\n5.7.22. It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. 
Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 27, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2018-04-19T00:00:00", "title": "MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (April 2018 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_22.NASL", "href": "https://www.tenable.com/plugins/nessus/109170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109170);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-2755\",\n \"CVE-2018-2758\",\n \"CVE-2018-2759\",\n \"CVE-2018-2761\",\n \"CVE-2018-2762\",\n \"CVE-2018-2766\",\n \"CVE-2018-2769\",\n \"CVE-2018-2771\",\n \"CVE-2018-2773\",\n \"CVE-2018-2775\",\n \"CVE-2018-2776\",\n \"CVE-2018-2777\",\n \"CVE-2018-2778\",\n \"CVE-2018-2779\",\n \"CVE-2018-2780\",\n \"CVE-2018-2781\",\n \"CVE-2018-2782\",\n \"CVE-2018-2784\",\n \"CVE-2018-2786\",\n \"CVE-2018-2787\",\n \"CVE-2018-2810\",\n \"CVE-2018-2812\",\n \"CVE-2018-2813\",\n \"CVE-2018-2816\",\n \"CVE-2018-2817\",\n \"CVE-2018-2818\",\n \"CVE-2018-2819\",\n \"CVE-2018-2839\",\n \"CVE-2018-2846\"\n );\n script_bugtraq_id(\n 103777,\n 103778,\n 
103779,\n 103780,\n 103781,\n 103783,\n 103785,\n 103786,\n 103787,\n 103789,\n 103802,\n 103804,\n 103814,\n 103824,\n 103828,\n 103830\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (April 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.22. It is, therefore, affected by multiple vulnerabilities as\nnoted in the April 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64303a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2812\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.22', min:'5.7', severity:SECURITY_WARNING);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T10:19:17", "description": "**MySQL 5.7.22**\n\n**Changelog**\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\n\n**CVEs fixed**\n\nCVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762\nCVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775\nCVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780\nCVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787\nCVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817\nCVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.7, "vector": 
"AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-05-04T00:00:00", "title": "Fedora 26 : community-mysql (2018-8b920c2b00)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2018-05-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-8B920C2B00.NASL", "href": "https://www.tenable.com/plugins/nessus/109563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-8b920c2b00.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109563);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\", \"CVE-2018-2846\");\n script_xref(name:\"FEDORA\", value:\"2018-8b920c2b00\");\n\n 
script_name(english:\"Fedora 26 : community-mysql (2018-8b920c2b00)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 5.7.22**\n\n**Changelog**\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\n\n**CVEs fixed**\n\nCVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762\nCVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775\nCVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780\nCVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787\nCVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817\nCVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-8b920c2b00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"community-mysql-5.7.22-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:15:27", "description": "**MySQL 5.7.22**\n\n**Changelog**\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\n\n**CVEs fixed**\n\nCVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762\nCVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775\nCVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780\nCVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787\nCVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817\nCVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : community-mysql (2018-00e90783d2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", 
"CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-00E90783D2.NASL", "href": "https://www.tenable.com/plugins/nessus/120201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-00e90783d2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120201);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\", \"CVE-2018-2846\");\n script_xref(name:\"FEDORA\", value:\"2018-00e90783d2\");\n\n script_name(english:\"Fedora 28 : community-mysql (2018-00e90783d2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 5.7.22**\n\n**Changelog**\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\n\n**CVEs fixed**\n\nCVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762\nCVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775\nCVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780\nCVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787\nCVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817\nCVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-00e90783d2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2812\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"community-mysql-5.7.22-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-09-18T10:54:39", "description": "Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04\nLTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 7.7, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-04-24T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : MySQL vulnerabilities (USN-3629-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2018-04-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5", "cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3629-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3629-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109311);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\", \"CVE-2018-2846\");\n script_xref(name:\"USN\", value:\"3629-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : MySQL vulnerabilities (USN-3629-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. 
Ubuntu 16.04\nLTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067\n.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3629-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected mysql-server-5.5 and / or mysql-server-5.7\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.60-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.22-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5 / mysql-server-5.7\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-09-18T10:54:39", "description": "USN-3629-1 fixed 
vulnerabilities in MySQL. This update provides the\ncorresponding updates for Ubuntu 18.04 LTS.\n\nMultiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04\nLTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 7.7, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-05-01T00:00:00", "title": "Ubuntu 18.04 LTS : MySQL vulnerabilities (USN-3629-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2018-05-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3629-3.NASL", "href": "https://www.tenable.com/plugins/nessus/109467", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3629-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109467);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\", \"CVE-2018-2846\");\n script_xref(name:\"USN\", value:\"3629-3\");\n\n script_name(english:\"Ubuntu 18.04 LTS : MySQL vulnerabilities (USN-3629-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3629-1 fixed vulnerabilities in MySQL. This update provides the\ncorresponding updates for Ubuntu 18.04 LTS.\n\nMultiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. 
Ubuntu 16.04\nLTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067\n.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3629-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mysql-server-5.7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.22-0ubuntu18.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.7\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:18:47", "description": "**MySQL 5.7.22**\n\n**Changelog**\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\n\n**CVEs fixed**\n\nCVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762\nCVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775\nCVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780\nCVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787\nCVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817\nCVE-2018-2818 
CVE-2018-2819 CVE-2018-2839 CVE-2018-2846\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.7, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-05-04T00:00:00", "title": "Fedora 27 : community-mysql (2018-7025a5c25d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2018-05-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:community-mysql"], "id": "FEDORA_2018-7025A5C25D.NASL", "href": "https://www.tenable.com/plugins/nessus/109561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7025a5c25d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109561);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", 
\"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\", \"CVE-2018-2846\");\n script_xref(name:\"FEDORA\", value:\"2018-7025a5c25d\");\n\n script_name(english:\"Fedora 27 : community-mysql (2018-7025a5c25d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 5.7.22**\n\n**Changelog**\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\n\n**CVEs fixed**\n\nCVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762\nCVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775\nCVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780\nCVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787\nCVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817\nCVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7025a5c25d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"community-mysql-5.7.22-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T01:19:46", "description": "Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows high privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server as well\nas unauthorized update, insert or delete access to some of MySQL\nServer accessible data. CVSS 3.0 Base Score 5.5 (Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2787)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith logon to the infrastructure where MySQL Server executes to\ncompromise MySQL Server. 
Successful attacks require human interaction\nfrom a person other than the attacker and while the vulnerability is\nin MySQL Server, attacks may significantly impact additional products.\nSuccessful attacks of this vulnerability can result in takeover of\nMySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server as well as\nunauthorized update, insert or delete access to some of MySQL Server\naccessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n(CVE-2018-2812)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. 
Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2759)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2780)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Connection). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with logon to the infrastructure where MySQL\nServer executes to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2762)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Pluggable Auth). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. 
Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2769)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server as well as\nunauthorized update, insert or delete access to some of MySQL Server\naccessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2786)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2777)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2775)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2779)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows low privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2782)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows unauthenticated attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows low privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2784)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2810)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Security : Privileges). 
Supported versions\nthat are affected are 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2758)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows high privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2766)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2816)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. 
Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2839)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Performance Schema). Supported versions that\nare affected are 5.7.21 and prior. Easily exploitable vulnerability\nallows high privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2846)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Security : Privileges). Supported versions\nthat are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21\nand prior. Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with logon to\nthe infrastructure where MySQL Server executes to compromise MySQL\nServer. 
Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Locking). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2778)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Group Replication GCS). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via XCom to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2776)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nEasily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized read access\nto a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n(Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)", "edition": 21, "cvss3": {"score": 7.7, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-05-30T00:00:00", "title": "Amazon Linux AMI : mysql57 (ALAS-2018-1026)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql57-server", "p-cpe:/a:amazon:linux:mysql57-libs", "p-cpe:/a:amazon:linux:mysql57-test", "p-cpe:/a:amazon:linux:mysql57-common", "p-cpe:/a:amazon:linux:mysql57-debuginfo", "p-cpe:/a:amazon:linux:mysql57-embedded", "p-cpe:/a:amazon:linux:mysql57", "p-cpe:/a:amazon:linux:mysql57-errmsg", "p-cpe:/a:amazon:linux:mysql57-embedded-devel", "p-cpe:/a:amazon:linux:mysql57-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1026.NASL", "href": "https://www.tenable.com/plugins/nessus/110200", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1026.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110200);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\", \"CVE-2018-2779\", 
\"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\", \"CVE-2018-2846\");\n script_xref(name:\"ALAS\", value:\"2018-1026\");\n\n script_name(english:\"Amazon Linux AMI : mysql57 (ALAS-2018-1026)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows high privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server as well\nas unauthorized update, insert or delete access to some of MySQL\nServer accessible data. CVSS 3.0 Base Score 5.5 (Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2787)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith logon to the infrastructure where MySQL Server executes to\ncompromise MySQL Server. 
Successful attacks require human interaction\nfrom a person other than the attacker and while the vulnerability is\nin MySQL Server, attacks may significantly impact additional products.\nSuccessful attacks of this vulnerability can result in takeover of\nMySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server as well as\nunauthorized update, insert or delete access to some of MySQL Server\naccessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n(CVE-2018-2812)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. 
Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2759)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2780)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Connection). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with logon to the infrastructure where MySQL\nServer executes to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2762)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Pluggable Auth). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. 
Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2769)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server as well as\nunauthorized update, insert or delete access to some of MySQL Server\naccessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2786)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2777)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nlow privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2775)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2779)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows low privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2782)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows unauthenticated attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows low privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2784)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2810)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Security : Privileges). 
Supported versions\nthat are affected are 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2758)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: InnoDB). Supported versions that are affected are\n5.6.39 and prior and 5.7.21 and prior. Easily exploitable\nvulnerability allows high privileged attacker with network access via\nmultiple protocols to compromise MySQL Server. Successful attacks of\nthis vulnerability can result in unauthorized ability to cause a hang\nor frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2766)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2816)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.7.21 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. 
Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2839)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Performance Schema). Supported versions that\nare affected are 5.7.21 and prior. Easily exploitable vulnerability\nallows high privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2846)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server : Security : Privileges). Supported versions\nthat are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21\nand prior. Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with logon to\nthe infrastructure where MySQL Server executes to compromise MySQL\nServer. 
Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Locking). Supported versions that are affected\nare 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MySQL\nServer. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2778)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Group Replication GCS). Supported versions that are\naffected are 5.7.21 and prior. Easily exploitable vulnerability allows\nhigh privileged attacker with network access via XCom to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2776)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior.\nEasily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized read access\nto a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n(Confidentiality impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql57' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql57-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-common-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-debuginfo-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-devel-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-embedded-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-embedded-devel-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-errmsg-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-libs-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-server-5.7.22-2.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql57-test-5.7.22-2.7.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql57 / mysql57-common / mysql57-debuginfo / mysql57-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T02:39:26", "description": "Oracle reports :\n\nMySQL Multiple Flaws Let Remote Authenticated Users Access and Modify\nData, Remote and Local Users Deny Service, and Local Users Access Data\nand Gain Elevated Privileges\n\n- A local user can exploit a flaw in the Replication component to gain\nelevated privileges [CVE-2018-2755].\n\n- A remote authenticated user can exploit a flaw in the GIS Extension\ncomponent to cause denial of service conditions [CVE-2018-2805].\n\n- A remote authenticated user can exploit a flaw in the InnoDB\ncomponent to cause denial of service conditions [CVE-2018-2782,\nCVE-2018-2784, CVE-2018-2819].\n\n- A remote authenticated user can exploit a flaw in the Security\nPrivileges component to cause denial of service conditions\n[CVE-2018-2758, CVE-2018-2818].\n\n- A remote authenticated user can exploit a flaw in the DDL component\nto cause denial of service conditions [CVE-2018-2817].\n\n- A remote authenticated user can exploit a flaw in the Optimizer\ncomponent to cause denial of service conditions [CVE-2018-2775,\nCVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,\nCVE-2018-2816].\n\n- A remote user can exploit a flaw in the Client programs component to\ncause denial of service conditions [CVE-2018-2761, CVE-2018-2773].\n\n- A remote authenticated user can exploit a flaw in the InnoDB\ncomponent to partially modify data and cause denial of service\nconditions [CVE-2018-2786, CVE-2018-2787].\n\n- A remote authenticated user can exploit a flaw in the Optimizer\ncomponent to partially modify data and cause denial of service\nconditions [CVE-2018-2812].\n\n- A local user can exploit a flaw in the 
Cluster ndbcluster/plugin\ncomponent to cause denial of service conditions [CVE-2018-2877].\n\n- A remote authenticated user can exploit a flaw in the InnoDB\ncomponent to cause denial of service conditions [CVE-2018-2759,\nCVE-2018-2766, CVE-2018-2777, CVE-2018-2810].\n\n- A remote authenticated user can exploit a flaw in the DML component\nto cause denial of service conditions [CVE-2018-2839].\n\n- A remote authenticated user can exploit a flaw in the Performance\nSchema component to cause denial of service conditions\n[CVE-2018-2846].\n\n- A remote authenticated user can exploit a flaw in the Pluggable Auth\ncomponent to cause denial of service conditions [CVE-2018-2769].\n\n- A remote authenticated user can exploit a flaw in the Group\nReplication GCS component to cause denial of service conditions\n[CVE-2018-2776].\n\n- A local user can exploit a flaw in the Connection component to cause\ndenial of service conditions [CVE-2018-2762].\n\n- A remote authenticated user can exploit a flaw in the Locking\ncomponent to cause denial of service conditions [CVE-2018-2771].\n\n- A remote authenticated user can exploit a flaw in the DDL component\nto partially access data [CVE-2018-2813].", "edition": 23, "cvss3": {"score": 7.7, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-04-23T00:00:00", "title": "FreeBSD : MySQL -- multiple vulnerabilities (57aec168-453e-11e8-8777-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2805", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2877", "CVE-2018-2846", "CVE-2018-2758", 
"CVE-2018-2839"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mariadb100-server", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mariadb102-server", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:mysql55-server", "p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:percona57-server", "p-cpe:/a:freebsd:freebsd:percona56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:mariadb55-server"], "id": "FREEBSD_PKG_57AEC168453E11E88777B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/109228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109228);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2805\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\", \"CVE-2018-2846\", \"CVE-2018-2877\");\n\n script_name(english:\"FreeBSD : MySQL -- multiple vulnerabilities (57aec168-453e-11e8-8777-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nMySQL Multiple Flaws Let Remote Authenticated Users Access and Modify\nData, Remote and Local Users Deny Service, and Local Users Access Data\nand Gain Elevated Privileges\n\n- A local user can exploit a flaw in the Replication component to gain\nelevated privileges 
[CVE-2018-2755].\n\n- A remote authenticated user can exploit a flaw in the GIS Extension\ncomponent to cause denial of service conditions [CVE-2018-2805].\n\n- A remote authenticated user can exploit a flaw in the InnoDB\ncomponent to cause denial of service conditions [CVE-2018-2782,\nCVE-2018-2784, CVE-2018-2819].\n\n- A remote authenticated user can exploit a flaw in the Security\nPrivileges component to cause denial of service conditions\n[CVE-2018-2758, CVE-2018-2818].\n\n- A remote authenticated user can exploit a flaw in the DDL component\nto cause denial of service conditions [CVE-2018-2817].\n\n- A remote authenticated user can exploit a flaw in the Optimizer\ncomponent to cause denial of service conditions [CVE-2018-2775,\nCVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,\nCVE-2018-2816].\n\n- A remote user can exploit a flaw in the Client programs component to\ncause denial of service conditions [CVE-2018-2761, CVE-2018-2773].\n\n- A remote authenticated user can exploit a flaw in the InnoDB\ncomponent to partially modify data and cause denial of service\nconditions [CVE-2018-2786, CVE-2018-2787].\n\n- A remote authenticated user can exploit a flaw in the Optimizer\ncomponent to partially modify data and cause denial of service\nconditions [CVE-2018-2812].\n\n- A local user can exploit a flaw in the Cluster ndbcluster/plugin\ncomponent to cause denial of service conditions [CVE-2018-2877].\n\n- A remote authenticated user can exploit a flaw in the InnoDB\ncomponent to cause denial of service conditions [CVE-2018-2759,\nCVE-2018-2766, CVE-2018-2777, CVE-2018-2810].\n\n- A remote authenticated user can exploit a flaw in the DML component\nto cause denial of service conditions [CVE-2018-2839].\n\n- A remote authenticated user can exploit a flaw in the Performance\nSchema component to cause denial of service conditions\n[CVE-2018-2846].\n\n- A remote authenticated user can exploit a flaw in the Pluggable Auth\ncomponent to cause denial of service 
conditions [CVE-2018-2769].\n\n- A remote authenticated user can exploit a flaw in the Group\nReplication GCS component to cause denial of service conditions\n[CVE-2018-2776].\n\n- A local user can exploit a flaw in the Connection component to cause\ndenial of service conditions [CVE-2018-2762].\n\n- A remote authenticated user can exploit a flaw in the Locking\ncomponent to cause denial of service conditions [CVE-2018-2771].\n\n- A remote authenticated user can exploit a flaw in the DDL component\nto partially access data [CVE-2018-2813].\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76507bf8\"\n );\n # https://vuxml.freebsd.org/freebsd/57aec168-453e-11e8-8777-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2312f6f4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb100-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb102-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.60\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb100-server<10.0.35\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<10.1.33\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb102-server<10.2.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-server<5.5.60\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.40\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<5.5.60\")) flag++;\nif (pkg_test(save_report:TRUE, 
pkg:\"percona56-server<5.6.40\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona57-server<5.7.22\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:16:36", "description": "**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781\nCVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817\nCVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhacements :\n\n - mysqladmin is now used to check the socket when the\n daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being build\n in a unsupported way - without jemalloc. 
it will remain\n this way, until TokuDB is fixed to be able to build and\n run with jemalloc 5 or witout jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : 3:mariadb (2018-2513b888a4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-2513B888A4.NASL", "href": "https://www.tenable.com/plugins/nessus/120297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2513b888a4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120297);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"FEDORA\", value:\"2018-2513b888a4\");\n\n script_name(english:\"Fedora 28 : 3:mariadb (2018-2513b888a4)\");\n script_summary(english:\"Checks rpm output 
for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781\nCVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817\nCVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhacements :\n\n - mysqladmin is now used to check the socket when the\n daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being build\n in a unsupported way - without jemalloc. it will remain\n this way, until TokuDB is fixed to be able to build and\n run with jemalloc 5 or witout jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2513b888a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2787\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"mariadb-10.2.15-2.fc28\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T10:19:11", "description": "**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781\nCVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817\nCVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhacements :\n\n - mysqladmin is now used to check the socket when the\n daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being build\n in a unsupported way - without jemalloc. 
it will remain\n this way, until TokuDB is fixed to be able to build and\n run with jemalloc 5 or witout jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.7, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-06-25T00:00:00", "title": "Fedora 27 : 3:mariadb (2018-86026275ea)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2018-06-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-86026275EA.NASL", "href": "https://www.tenable.com/plugins/nessus/110668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-86026275ea.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110668);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_xref(name:\"FEDORA\", value:\"2018-86026275ea\");\n\n script_name(english:\"Fedora 27 : 3:mariadb (2018-86026275ea)\");\n script_summary(english:\"Checks rpm output 
for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MariaDB 10.2.15**\n\nRelease notes :\n\nhttps://mariadb.com/kb/en/library/mariadb-10215-release-notes/\n\nCVEs fixed :\n\nCVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781\nCVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817\nCVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810\n\nNew features :\n\n - Now builds with lz4 support\n\nEnhacements :\n\n - mysqladmin is now used to check the socket when the\n daemon is starting\n\nissues :\n\n - Please note, that TokuDB storage engine is being build\n in a unsupported way - without jemalloc. it will remain\n this way, until TokuDB is fixed to be able to build and\n run with jemalloc 5 or witout jemalloc at all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-86026275ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2018/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mariadb-10.2.15-2.fc27\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "description": "USN-3629-1 fixed vulnerabilities in MySQL. This update provides the \ncorresponding updates for Ubuntu 18.04 LTS.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. 
Ubuntu 16.04 LTS, and \nUbuntu 17.10 have been updated to MySQL 5.7.22.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html> \n<http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html>", "edition": 5, "modified": "2018-04-30T00:00:00", "published": "2018-04-30T00:00:00", "id": "USN-3629-3", "href": "https://ubuntu.com/security/notices/USN-3629-3", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:42:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "description": "Multiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. 
Ubuntu 16.04 LTS, and \nUbuntu 17.10 have been updated to MySQL 5.7.22.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html> \n<http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html>", "edition": 5, "modified": "2018-04-23T00:00:00", "published": "2018-04-23T00:00:00", "id": "USN-3629-1", "href": "https://ubuntu.com/security/notices/USN-3629-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:41:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "description": "USN-3629-1 fixed a vulnerability in MySQL. 
This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.60 in Ubuntu 12.04 ESM.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html> \n<http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html>", "edition": 6, "modified": "2018-04-25T00:00:00", "published": "2018-04-25T00:00:00", "id": "USN-3629-2", "href": "https://ubuntu.com/security/notices/USN-3629-2", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "description": "The remote host is missing an update for the 'mysql-5.7' package(s) announced via the referenced advisory.", "modified": "2019-03-13T00:00:00", "published": "2018-04-25T00:00:00", "id": "OPENVAS:1361412562310843513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843513", "type": "openvas", "title": "Ubuntu Update for mysql-5.7 USN-3629-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3629_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu 
Update for mysql-5.7 USN-3629-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843513\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 08:38:24 +0200 (Wed, 25 Apr 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\",\n \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\",\n \"CVE-2018-2773\", \"CVE-2018-2779\", \"CVE-2018-2786\", \"CVE-2018-2816\",\n \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\",\n \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\",\n \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\",\n \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\",\n \"CVE-2018-2846\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_name(\"Ubuntu Update for mysql-5.7 USN-3629-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n MySQL and this update includes new upstream MySQL versions to fix these issues.\n MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and\n Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes,\n the updated packages contain bug fixes, new features, and possibly incompatible\n changes. Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.7 on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3629-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3629-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.60-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.22-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-16T00:00:00", "id": "OPENVAS:1361412562310874489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874489", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2018-00e90783d2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_00e90783d2_community-mysql_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for 
community-mysql FEDORA-2018-00e90783d2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874489\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-16 05:57:41 +0200 (Wed, 16 May 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\",\n \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\",\n \"CVE-2018-2773\", \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\",\n \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2780\", \"CVE-2018-2781\",\n \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\",\n \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\", \"CVE-2018-2816\",\n \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\",\n \"CVE-2018-2846\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2018-00e90783d2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-00e90783d2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUNYFR3FFTGAFCUH54EWRGMHNCVBEUM2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.22~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", 
"CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-05-08T00:00:00", "id": "OPENVAS:1361412562310843517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843517", "type": "openvas", "title": "Ubuntu Update for mysql-5.7 USN-3629-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3629_3.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for mysql-5.7 USN-3629-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843517\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-08 09:25:32 +0200 (Tue, 08 May 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2758\", \"CVE-2018-2759\", \"CVE-2018-2761\",\n \"CVE-2018-2762\", \"CVE-2018-2766\", \"CVE-2018-2769\", \"CVE-2018-2771\",\n \"CVE-2018-2773\", \"CVE-2018-2779\", \"CVE-2018-2786\", \"CVE-2018-2816\",\n \"CVE-2018-2775\", \"CVE-2018-2776\", \"CVE-2018-2777\", \"CVE-2018-2778\",\n \"CVE-2018-2780\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\",\n \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2813\",\n \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\", \"CVE-2018-2839\",\n \"CVE-2018-2846\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.7 USN-3629-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3629-1 fixed vulnerabilities in MySQL. 
This update provides the\ncorresponding updates for Ubuntu 18.04 LTS.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues.\nMySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and\nUbuntu 17.10 have been updated to MySQL 5.7.22.\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes.\nPlease see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.7 on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3629-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3629-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.22-0ubuntu18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-25T00:00:00", "id": "OPENVAS:1361412562310874736", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874736", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-86026275ea", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_86026275ea_mariadb_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-86026275ea\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874736\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-25 06:05:15 +0200 (Mon, 25 Jun 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\",\n \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\",\n \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-2786\",\n \"CVE-2018-2759\", \"CVE-2018-2777\", \"CVE-2018-2810\", \"CVE-2018-2773\",\n \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-86026275ea\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-86026275ea\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQLBOVRZ6QN7XPU3LT27MYCHZPFRRQ2R\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.15~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2018-06-20T00:00:00", "id": "OPENVAS:1361412562310874709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874709", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-2513b888a4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2513b888a4_mariadb_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-2513b888a4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874709\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-20 06:18:49 +0200 (Wed, 20 Jun 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2018-2786\", \"CVE-2018-2759\", \"CVE-2018-2777\", \"CVE-2018-2810\", \"CVE-2018-2773\", \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-2513b888a4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2513b888a4\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URT2E3H3SHHUPWOZR3UMN3DFK7WUGAYI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.15~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2777", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2779", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2839"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2018-04-19T00:00:00", "id": "OPENVAS:1361412562310813146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813146", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2018-3678067) 03 - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2018-3678067) 03 - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813146\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-2846\", \"CVE-2018-2776\", \"CVE-2018-2762\", \"CVE-2018-2816\",\n \"CVE-2018-2769\", \"CVE-2018-2780\", \"CVE-2018-2786\", \"CVE-2018-2839\",\n \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2775\", \"CVE-2018-2777\",\n \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2759\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-19 10:34:42 +0530 (Thu, 19 Apr 2018)\");\n script_name(\"Oracle Mysql Security Updates (apr2018-3678067) 03 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - An error in the 'Server:Performance Schema' component of MySQL Server.\n\n - An error 
in the 'Group Replication GCS' component of MySQL Server.\n\n - An error in the 'Server:Connection' component of MySQL Server.\n\n - Multiple errors in the 'Server:Optimizer' component of MySQL Server.\n\n - An error in the 'Server:Pluggable Auth' component of MySQL Server.\n\n - An error in the 'Server:DML' component of MySQL Server.\n\n - Multiple errors in the 'InnoDB' component of MySQL Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote to conduct a denial of service and have an\n impact on integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.7.21 and earlier\n on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the latest patch from vendor. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.21\")){\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\", install_path:path);\n security_message(port:sqlPort, data:report);\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": 
"AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2775", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2777", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2779", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2839"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2018-04-19T00:00:00", "id": "OPENVAS:1361412562310813147", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813147", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2018-3678067) 03 - Linux", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2018-3678067) 03 - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813147\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-2846\", \"CVE-2018-2776\", \"CVE-2018-2762\", \"CVE-2018-2816\",\n \"CVE-2018-2769\", \"CVE-2018-2780\", \"CVE-2018-2786\", \"CVE-2018-2839\",\n \"CVE-2018-2778\", \"CVE-2018-2779\", \"CVE-2018-2775\", \"CVE-2018-2777\",\n \"CVE-2018-2810\", \"CVE-2018-2812\", \"CVE-2018-2759\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-19 10:34:42 +0530 (Thu, 19 Apr 2018)\");\n script_name(\"Oracle Mysql Security Updates (apr2018-3678067) 03 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - An error in the 'Server:Performance Schema' component of MySQL Server.\n\n - An error in the 'Group Replication GCS' component of MySQL Server.\n\n - An error in the 'Server:Connection' component of MySQL Server.\n\n - Multiple errors in the 'Server:Optimizer' component of MySQL Server.\n\n - An error in the 'Server:Pluggable Auth' component of MySQL Server.\n\n - An error in the 'Server:DML' component of MySQL Server.\n\n - Multiple errors in the 'InnoDB' component of MySQL 
Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote to conduct a denial of service and have an\n impact on integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.7.21 and earlier\n on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the latest patch from vendor. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.21\")){\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\", install_path:path);\n security_message(port:sqlPort, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-01-31T17:38:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "description": "The 
remote host is missing an update for the 'mariadb' package(s) announced via the openSUSE-SU-2018:1595-1 advisory.", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310852040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852040", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1595-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852040\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2759\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \"CVE-2018-2771\", \"CVE-2018-2777\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2786\", \"CVE-2018-2787\", \"CVE-2018-2810\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:36:20 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1595-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1595-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00008.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the openSUSE-SU-2018:1595-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mariadb to version 10.2.15 fixes the following 
issues:\n\n These security issues were fixed:\n\n - CVE-2018-2767: Enforse use of SSL/TLS in embedded server library (Return\n of BACKRONYM) (bsc#1088681).\n\n - CVE-2018-2786: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server accessible data\n (bsc#1089987).\n\n - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n\n - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n\n - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n low privileged attacker with network access via multiple p ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19\", rpm:\"libmysqld19~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19-debuginfo\", rpm:\"libmysqld19-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-galera\", rpm:\"mariadb-galera~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.2.15~lp150.2.3.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T16:47:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2020-06-03T00:00:00", "published": "2018-06-23T00:00:00", "id": "OPENVAS:1361412562310851797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851797", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1800-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851797\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 05:57:46 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\",\n \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\",\n \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2018:1800-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MariaDB to version 10.0.35 fixes multiple issues:\n\n Security issues fixed:\n\n * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes\n (bsc#1090518)\n\n * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518)\n\n * CVE-2018-2755: Unspecified vulnerability in Replication allowing server\n compromise (bsc#1090518)\n\n * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n\n * 
CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518)\n\n * CVE-2018-2761: Unspecified DoS vulnerability in Client programs\n (bsc#1090518)\n\n * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer\n (bsc#1090518)\n\n * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking\n component (bsc#1090518)\n\n * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing\n unauthorized reads (bsc#1090518)\n\n * CVE-2018-2767: The embedded server library now supports SSL when\n connecting to remote servers (bsc#1088681)\n\n The following changes are included:\n\n * XtraDB updated to 5.6.39-83.1\n\n * TokuDB updated to 5.6.39-83.1\n\n * InnoDB updated to 5.6.40\n\n * Fix for Crash in MVCC read after IMPORT TABLESPACE\n\n * Fix for innodb_read_only trying to modify files if transactions were\n recovered in COMMITTED state\n\n * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index\n\n * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing\n corrupted record\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-668=1\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1800-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00042.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-07-04T18:55:26", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes.", "modified": "2019-07-04T00:00:00", "published": "2018-04-20T00:00:00", "id": "OPENVAS:1361412562310704176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704176", "type": "openvas", "title": "Debian Security Advisory DSA 4176-1 (mysql-5.5 - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4176-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704176\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2771\", \"CVE-2018-2773\", \"CVE-2018-2781\",\n \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2818\", \"CVE-2018-2819\");\n script_name(\"Debian Security Advisory DSA 4176-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-20 00:00:00 +0200 (Fri, 20 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4176.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.60-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/mysql-5.5\");\n 
script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.60-0+deb8u1\", rls:\"DEB8\"))) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2766", "CVE-2018-2769", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2816", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2839", "CVE-2018-2846"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2018-05-03T15:27:25", "published": "2018-05-03T15:27:25", "id": "FEDORA:0CBE260E86FA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: community-mysql-5.7.22-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. 
The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2018-06-24T20:10:42", "published": "2018-06-24T20:10:42", "id": "FEDORA:5D69F601CACB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mariadb-10.2.15-2.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. 
", "modified": "2018-06-20T01:57:32", "published": "2018-06-20T01:57:32", "id": "FEDORA:A4AB861361C8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mariadb-10.2.15-2.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10155", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10314", "CVE-2017-10379", "CVE-2017-10384", "CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2766", "CVE-2018-2769", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2816", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2839", "CVE-2018-2846"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2018-05-04T08:20:04", "published": "2018-05-04T08:20:04", "id": "FEDORA:F1E6961A519A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: community-mysql-5.7.22-1.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2769", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2816", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2839", "CVE-2018-2846", "CVE-2018-3056", "CVE-2018-3058", "CVE-2018-3060", "CVE-2018-3061", "CVE-2018-3062", "CVE-2018-3064", "CVE-2018-3065", "CVE-2018-3066", "CVE-2018-3070", "CVE-2018-3071", "CVE-2018-3077", "CVE-2018-3081"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2018-09-11T17:01:28", "published": "2018-09-11T17:01:28", "id": "FEDORA:9509C6014637", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: community-mysql-5.7.23-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3058", "CVE-2018-3060", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066", "CVE-2018-3081"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2018-08-31T21:17:15", "published": "2018-08-31T21:17:15", "id": "FEDORA:B87EA60769EE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mariadb-10.2.17-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3058", "CVE-2018-3060", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066", "CVE-2018-3081"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. 
It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2018-08-31T20:04:41", "published": "2018-08-31T20:04:41", "id": "FEDORA:C9D70604239F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mariadb-10.2.17-1.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10155", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10314", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3312", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3641", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2766", "CVE-2018-2769", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2816", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2839", "CVE-2018-2846"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2018-05-03T15:23:33", "published": "2018-05-03T15:23:33", "id": "FEDORA:8DE4F613FFDF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: community-mysql-5.7.22-1.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3313", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2018-05-22T14:31:34", "published": "2018-05-22T14:31:34", "id": "FEDORA:DDCB860779BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mariadb-10.1.33-1.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", "CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). 
Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).([CVE-2018-2787](<https://access.redhat.com/security/cve/CVE-2018-2787>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).([CVE-2018-2755](<https://access.redhat.com/security/cve/CVE-2018-2755>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2819](<https://access.redhat.com/security/cve/CVE-2018-2819>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ([CVE-2018-2812](<https://access.redhat.com/security/cve/CVE-2018-2812>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2759](<https://access.redhat.com/security/cve/CVE-2018-2759>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2780](<https://access.redhat.com/security/cve/CVE-2018-2780>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2762](<https://access.redhat.com/security/cve/CVE-2018-2762>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2769](<https://access.redhat.com/security/cve/CVE-2018-2769>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).([CVE-2018-2786](<https://access.redhat.com/security/cve/CVE-2018-2786>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2018-2777](<https://access.redhat.com/security/cve/CVE-2018-2777>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2775](<https://access.redhat.com/security/cve/CVE-2018-2775>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2817](<https://access.redhat.com/security/cve/CVE-2018-2817>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2018-2779](<https://access.redhat.com/security/cve/CVE-2018-2779>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2782](<https://access.redhat.com/security/cve/CVE-2018-2782>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2761](<https://access.redhat.com/security/cve/CVE-2018-2761>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2784](<https://access.redhat.com/security/cve/CVE-2018-2784>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2810](<https://access.redhat.com/security/cve/CVE-2018-2810>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2758](<https://access.redhat.com/security/cve/CVE-2018-2758>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2766](<https://access.redhat.com/security/cve/CVE-2018-2766>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2816](<https://access.redhat.com/security/cve/CVE-2018-2816>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2839](<https://access.redhat.com/security/cve/CVE-2018-2839>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2846](<https://access.redhat.com/security/cve/CVE-2018-2846>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2818](<https://access.redhat.com/security/cve/CVE-2018-2818>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2773](<https://access.redhat.com/security/cve/CVE-2018-2773>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2771](<https://access.redhat.com/security/cve/CVE-2018-2771>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2778](<https://access.redhat.com/security/cve/CVE-2018-2778>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2776](<https://access.redhat.com/security/cve/CVE-2018-2776>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2781](<https://access.redhat.com/security/cve/CVE-2018-2781>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).([CVE-2018-2813](<https://access.redhat.com/security/cve/CVE-2018-2813>))\n\n \n**Affected Packages:** \n\n\nmysql57\n\n \n**Issue Correction:** \nRun _yum update mysql57_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql57-server-5.7.22-2.7.amzn1.i686 \n mysql57-common-5.7.22-2.7.amzn1.i686 \n mysql57-libs-5.7.22-2.7.amzn1.i686 \n mysql57-test-5.7.22-2.7.amzn1.i686 \n mysql57-5.7.22-2.7.amzn1.i686 \n mysql57-devel-5.7.22-2.7.amzn1.i686 \n mysql57-debuginfo-5.7.22-2.7.amzn1.i686 \n mysql57-errmsg-5.7.22-2.7.amzn1.i686 \n mysql57-embedded-devel-5.7.22-2.7.amzn1.i686 \n mysql57-embedded-5.7.22-2.7.amzn1.i686 \n \n src: \n mysql57-5.7.22-2.7.amzn1.src \n \n x86_64: \n mysql57-server-5.7.22-2.7.amzn1.x86_64 \n mysql57-common-5.7.22-2.7.amzn1.x86_64 \n mysql57-5.7.22-2.7.amzn1.x86_64 \n mysql57-devel-5.7.22-2.7.amzn1.x86_64 \n mysql57-test-5.7.22-2.7.amzn1.x86_64 \n mysql57-errmsg-5.7.22-2.7.amzn1.x86_64 \n mysql57-embedded-5.7.22-2.7.amzn1.x86_64 \n mysql57-debuginfo-5.7.22-2.7.amzn1.x86_64 \n mysql57-libs-5.7.22-2.7.amzn1.x86_64 \n mysql57-embedded-devel-5.7.22-2.7.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-05-25T18:22:00", "published": "2018-05-25T18:22:00", "id": "ALAS-2018-1026", "href": "https://alas.aws.amazon.com/ALAS-2018-1026.html", "title": "Medium: mysql57", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2758"], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ([CVE-2018-2787](<https://access.redhat.com/security/cve/CVE-2018-2787>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2758](<https://access.redhat.com/security/cve/CVE-2018-2758>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).([CVE-2018-2755](<https://access.redhat.com/security/cve/CVE-2018-2755>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2817](<https://access.redhat.com/security/cve/CVE-2018-2817>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2819](<https://access.redhat.com/security/cve/CVE-2018-2819>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2761 __](<https://access.redhat.com/security/cve/CVE-2018-2761>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2784 __](<https://access.redhat.com/security/cve/CVE-2018-2784>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2766 __](<https://access.redhat.com/security/cve/CVE-2018-2766>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2771 __](<https://access.redhat.com/security/cve/CVE-2018-2771>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2818 __](<https://access.redhat.com/security/cve/CVE-2018-2818>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2773 __](<https://access.redhat.com/security/cve/CVE-2018-2773>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2782 __](<https://access.redhat.com/security/cve/CVE-2018-2782>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2781 __](<https://access.redhat.com/security/cve/CVE-2018-2781>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).([CVE-2018-2813 __](<https://access.redhat.com/security/cve/CVE-2018-2813>))\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-embedded-devel-5.6.40-1.29.amzn1.i686 \n mysql56-debuginfo-5.6.40-1.29.amzn1.i686 \n mysql56-libs-5.6.40-1.29.amzn1.i686 \n mysql56-server-5.6.40-1.29.amzn1.i686 \n mysql56-bench-5.6.40-1.29.amzn1.i686 \n mysql56-5.6.40-1.29.amzn1.i686 \n mysql56-embedded-5.6.40-1.29.amzn1.i686 \n mysql56-test-5.6.40-1.29.amzn1.i686 \n mysql56-devel-5.6.40-1.29.amzn1.i686 \n mysql56-common-5.6.40-1.29.amzn1.i686 \n mysql56-errmsg-5.6.40-1.29.amzn1.i686 \n \n src: \n mysql56-5.6.40-1.29.amzn1.src \n \n x86_64: \n mysql56-5.6.40-1.29.amzn1.x86_64 \n mysql56-libs-5.6.40-1.29.amzn1.x86_64 \n mysql56-test-5.6.40-1.29.amzn1.x86_64 \n mysql56-embedded-devel-5.6.40-1.29.amzn1.x86_64 \n mysql56-bench-5.6.40-1.29.amzn1.x86_64 \n mysql56-common-5.6.40-1.29.amzn1.x86_64 \n mysql56-errmsg-5.6.40-1.29.amzn1.x86_64 \n mysql56-server-5.6.40-1.29.amzn1.x86_64 \n mysql56-devel-5.6.40-1.29.amzn1.x86_64 \n mysql56-embedded-5.6.40-1.29.amzn1.x86_64 \n mysql56-debuginfo-5.6.40-1.29.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-05-25T18:26:00", "published": "2018-05-25T18:26:00", "id": "ALAS-2018-1027", "href": "https://alas.aws.amazon.com/ALAS-2018-1027.html", "title": "Medium: mysql56", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).([CVE-2018-2755 __](<https://access.redhat.com/security/cve/CVE-2018-2755>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2817 __](<https://access.redhat.com/security/cve/CVE-2018-2817>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2819 __](<https://access.redhat.com/security/cve/CVE-2018-2819>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). 
Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2761 __](<https://access.redhat.com/security/cve/CVE-2018-2761>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2771 __](<https://access.redhat.com/security/cve/CVE-2018-2771>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2818 __](<https://access.redhat.com/security/cve/CVE-2018-2818>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2773 __](<https://access.redhat.com/security/cve/CVE-2018-2773>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-2781 __](<https://access.redhat.com/security/cve/CVE-2018-2781>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).([CVE-2018-2813 __](<https://access.redhat.com/security/cve/CVE-2018-2813>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql55-embedded-5.5.60-1.21.amzn1.i686 \n mysql55-devel-5.5.60-1.21.amzn1.i686 \n mysql-config-5.5.60-1.21.amzn1.i686 \n mysql55-test-5.5.60-1.21.amzn1.i686 \n mysql55-server-5.5.60-1.21.amzn1.i686 \n mysql55-bench-5.5.60-1.21.amzn1.i686 \n mysql55-libs-5.5.60-1.21.amzn1.i686 \n mysql55-debuginfo-5.5.60-1.21.amzn1.i686 \n mysql55-embedded-devel-5.5.60-1.21.amzn1.i686 \n mysql55-5.5.60-1.21.amzn1.i686 \n \n src: \n mysql55-5.5.60-1.21.amzn1.src \n \n x86_64: \n mysql55-bench-5.5.60-1.21.amzn1.x86_64 \n mysql55-5.5.60-1.21.amzn1.x86_64 \n mysql55-embedded-5.5.60-1.21.amzn1.x86_64 \n mysql-config-5.5.60-1.21.amzn1.x86_64 \n mysql55-debuginfo-5.5.60-1.21.amzn1.x86_64 \n mysql55-libs-5.5.60-1.21.amzn1.x86_64 \n mysql55-test-5.5.60-1.21.amzn1.x86_64 \n mysql55-server-5.5.60-1.21.amzn1.x86_64 \n mysql55-devel-5.5.60-1.21.amzn1.x86_64 \n mysql55-embedded-devel-5.5.60-1.21.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-05-25T18:26:00", "published": "2018-05-25T18:26:00", "id": "ALAS-2018-1028", "href": "https://alas.aws.amazon.com/ALAS-2018-1028.html", "title": "Medium: mysql55", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2775", "CVE-2018-2817", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2780", "CVE-2018-2816", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2805", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2779", 
"CVE-2018-2813", "CVE-2018-2762", "CVE-2018-2877", "CVE-2018-2846", "CVE-2018-2758", "CVE-2018-2839"], "description": "\nOracle reports:\n\nMySQL Multiple Flaws Let Remote Authenticated Users Access and\n\t Modify Data, Remote and Local Users Deny Service, and Local Users\n\t Access Data and Gain Elevated Privileges\n\nA local user can exploit a flaw in the Replication component\n\t to gain elevated privileges [CVE-2018-2755].\nA remote authenticated user can exploit a flaw in the GIS\n\t Extension component to cause denial of service conditions\n\t [CVE-2018-2805].\nA remote authenticated user can exploit a flaw in the InnoDB\n\t component to cause denial of service conditions [CVE-2018-2782,\n\t CVE-2018-2784, CVE-2018-2819].\nA remote authenticated user can exploit a flaw in the Security\n\t Privileges component to cause denial of service conditions\n\t [CVE-2018-2758, CVE-2018-2818].\nA remote authenticated user can exploit a flaw in the DDL\n\t component to cause denial of service conditions\n\t [CVE-2018-2817].\nA remote authenticated user can exploit a flaw in the Optimizer\n\t component to cause denial of service conditions [CVE-2018-2775,\n\t CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,\n\t CVE-2018-2816].\nA remote user can exploit a flaw in the Client programs\n\t component to cause denial of service conditions [CVE-2018-2761,\n\t CVE-2018-2773].\nA remote authenticated user can exploit a flaw in the InnoDB\n\t component to partially modify data and cause denial of service\n\t conditions [CVE-2018-2786, CVE-2018-2787].\nA remote authenticated user can exploit a flaw in the Optimizer\n\t component to partially modify data and cause denial of service\n\t conditions [CVE-2018-2812].\nA local user can exploit a flaw in the Cluster ndbcluster/plugin\n\t component to cause denial of service conditions [CVE-2018-2877].\n\t \nA remote authenticated user can exploit a flaw in the InnoDB\n\t component to cause denial of service conditions 
[CVE-2018-2759,\n\t CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].\nA remote authenticated user can exploit a flaw in the DML\n\t component to cause denial of service conditions [CVE-2018-2839].\n\t \nA remote authenticated user can exploit a flaw in the\n\t Performance Schema component to cause denial of service conditions\n\t [CVE-2018-2846].\nA remote authenticated user can exploit a flaw in the Pluggable\n\t Auth component to cause denial of service conditions\n\t [CVE-2018-2769].\nA remote authenticated user can exploit a flaw in the Group\n\t Replication GCS component to cause denial of service conditions\n\t [CVE-2018-2776].\nA local user can exploit a flaw in the Connection component to\n\t cause denial of service conditions [CVE-2018-2762].\nA remote authenticated user can exploit a flaw in the Locking\n\t component to cause denial of service conditions [CVE-2018-2771].\n\t \nA remote authenticated user can exploit a flaw in the DDL\n\t component to partially access data [CVE-2018-2813].\n\n\n", "edition": 5, "modified": "2018-04-17T00:00:00", "published": "2018-04-17T00:00:00", "id": "57AEC168-453E-11E8-8777-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/57aec168-453e-11e8-8777-b499baebfeaf.html", "title": "MySQL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2018-06-08T03:29:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2018-2759", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2786", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2777", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "description": "This update for mariadb to version 10.2.15 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2018-2767: Enforce use of SSL/TLS in embedded server library (Return\n of BACKRONYM) (bsc#1088681).\n - CVE-2018-2786: Vulnerability in the 
MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server accessible data\n (bsc#1089987).\n - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987).\n - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n - CVE-2018-2787: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update,\n insert or delete access to some of MySQL Server accessible data\n (bsc#1089987, bsc#1090518).\n - CVE-2018-2766: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Replication). 
Difficult to exploit\n vulnerability allowed unauthenticated attacker with logon to the\n infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks require human interaction from a person other than\n the attacker and while the vulnerability is in MySQL Server, attacks may\n significantly impact additional products. Successful attacks of this\n vulnerability can result in takeover of MySQL Server (bsc#1089987,\n bsc#1090518).\n - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518).\n - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability\n allowed low privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987,\n bsc#1090518).\n - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Client programs). Difficult to exploit\n vulnerability allowed unauthenticated attacker with network access via\n multiple protocols to compromise MySQL Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987,\n bsc#1090518).\n - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). 
Easily exploitable\n vulnerability allowed high privileged attacker with network access via\n multiple protocols to compromise MySQL Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987,\n bsc#1090518).\n - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Locking). Difficult to exploit\n vulnerability allowed high privileged attacker with network access via\n multiple protocols to compromise MySQL Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987,\n bsc#1090518).\n - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability\n allowed low privileged attacker with network access via multiple\n protocols to compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized read access to a subset of\n MySQL Server accessible data (bsc#1089987, bsc#1090518).\n\n These non-security issues were fixed:\n\n - PCRE updated to 8.42\n - Incomplete validation of missing tablespace during recovery\n - ib_buffer_pool unnecessarily includes the temporary tablespace\n - InnoDB may write uninitialized garbage to redo log\n - Virtual Columns: Assertion failed in dict_table_get_col_name\n - slow innodb startup/shutdown can exceed systemd timeout\n - Assertion failed in dict_check_sys_tables on upgrade from 5.5\n - Change buffer crash during TRUNCATE or DROP TABLE\n - temporary table ROLLBACK fixes\n\n For additional details please see\n\n - <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/library/mariadb-10215-release-notes\">https://mariadb.com/kb/en/library/mariadb-10215-release-notes</a>\n - <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/library/mariadb-10215-changelog\">https://mariadb.com/kb/en/library/mariadb-10215-changelog</a>\n\n", "edition": 1, "modified": "2018-06-08T00:11:54", "published": "2018-06-08T00:11:54", "id": "OPENSUSE-SU-2018:1595-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00008.html", "title": "Security update for mariadb (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-06-23T06:01:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "description": "This update for MariaDB to version 10.0.35 fixes multiple issues:\n\n Security issues fixed:\n\n * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n * CVE-2018-2787: Unspecified 
vulnerability in InnoDB allowing writes\n (bsc#1090518)\n * CVE-2018-2766: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n * CVE-2018-2755: Unspecified vulnerability in Replication allowing server\n compromise (bsc#1090518)\n * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n * CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518)\n * CVE-2018-2761: Unspecified DoS vulnerability in Client programs\n (bsc#1090518)\n * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer\n (bsc#1090518)\n * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking\n component (bsc#1090518)\n * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing\n unauthorized reads (bsc#1090518)\n * CVE-2018-2767: The embedded server library now supports SSL when\n connecting to remote servers (bsc#1088681)\n\n The following changes are included:\n\n * XtraDB updated to 5.6.39-83.1\n * TokuDB updated to 5.6.39-83.1\n * InnoDB updated to 5.6.40\n * Fix for Crash in MVCC read after IMPORT TABLESPACE\n * Fix for innodb_read_only trying to modify files if transactions were\n recovered in COMMITTED state\n * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index\n * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing\n corrupted record\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2018-06-23T03:12:07", "published": "2018-06-23T03:12:07", "id": "OPENSUSE-SU-2018:1800-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00042.html", "title": "Security update for mariadb (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2758", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", 
"CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2805", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.40). (BZ#1571242)\n\nSecurity Fix(es):\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018) (CVE-2018-2758)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2766)\n\n* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)\n\n* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2773)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2782)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2784)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2787)\n\n* mysql: GIS Extension unspecified vulnerability (CPU Apr 2018) (CVE-2018-2805)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)\n\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)\n\n* mysql: Server : Security : Privileges unspecified vulnerability (CPU Apr 2018) (CVE-2018-2818)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-13T01:28:22", "published": "2018-04-26T10:59:23", "id": "RHSA-2018:1254", "href": "https://access.redhat.com/errata/RHSA-2018:1254", "type": 
"redhat", "title": "(RHSA-2018:1254) Moderate: rh-mysql56-mysql security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"], "description": "New mariadb packages are available for Slackware 14.1 and 14.2 to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mariadb-10.0.35-i586-1_slack14.2.txz: Upgraded.\n This update fixes bugs and security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.60-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.60-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.35-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.35-x86_64-1_slack14.2.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\n3b71d2f3d141f91c67a174eb02f3aef2 mariadb-5.5.60-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8cd272a56bcad890e7c961d511f70fc6 mariadb-5.5.60-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\ne7d91844d97f3d02e7b1719ed4023e97 mariadb-10.0.35-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n1a9d3c18b1b3eb0f48c5b700faf7352e mariadb-10.0.35-x86_64-1_slack14.2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-10.0.35-i586-1_slack14.2.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2018-05-10T21:14:32", "published": "2018-05-10T21:14:32", "id": "SSA-2018-130-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.395402", "type": "slackware", "title": "[slackware-security] mariadb", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:47", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "description": "Package : mysql-5.5\nVersion : 5.5.60-0+deb7u1\nCVE ID : CVE-2018-2755 
CVE-2018-2761 CVE-2018-2771 CVE-2018-2773\n CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818\n CVE-2018-2819\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n5.5.60-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-04-19T17:29:25", "published": "2018-04-19T17:29:25", "id": "DEBIAN:DLA-1355-1:BC9FB", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201804/msg00020.html", "title": "[SECURITY] [DLA 1355-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:01:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2771", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4176-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 20, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773\n CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818\n CVE-2018-2819\n\nSeveral issues 
have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.60, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.60-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFor the detailed security status of mysql-5.5 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/mysql-5.5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-04-20T08:34:38", "published": "2018-04-20T08:34:38", "id": "DEBIAN:DSA-4176-1:98D3A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00103.html", "title": "[SECURITY] [DSA 4176-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 6, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2759", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2759"], "modified": "2019-05-21T22:29:00", "cpe": ["cpe:/a:oracle:mysql:5.7.21"], "id": "CVE-2018-2759", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2759", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 8, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2839", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2839"], "modified": "2020-06-16T17:12:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:mysql:5.7.21", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-2839", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2839", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", 
"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 6, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2777", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2777"], "modified": "2019-05-21T22:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:oracle:mysql:5.7.21", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-2777", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2777", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2846", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2846"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:mysql:5.7.21", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-2846", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2846", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", 
"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2775", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2775"], "modified": "2018-11-27T11:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:oracle:mysql:5.7.21", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-2775", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2775", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2758", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2758"], "modified": "2018-11-27T11:29:00", "cpe": ["cpe:/a:oracle:mysql:5.7.21", "cpe:/a:oracle:mysql:5.6.39"], "id": "CVE-2018-2758", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2758", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.39:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). 
Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 8, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2810", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2810"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:mysql:5.7.21", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": 
"CVE-2018-2810", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2810", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2782", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2782"], "modified": "2019-05-21T22:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:oracle:mysql:5.7.21", "cpe:/a:oracle:mysql:5.6.39", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-2782", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2782", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.39:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 5, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2778", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2778"], "modified": "2018-11-27T11:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:oracle:mysql:5.7.21", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-2778", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2778", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 5.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2018-04-19T02:29:00", "title": "CVE-2018-2787", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2787"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", 
"cpe:/a:oracle:mysql:5.7.21", "cpe:/a:oracle:mysql:5.6.39", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-2787", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2787", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.39:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.21:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}]}