Scientific Linux Security Update : mariadb on SL7.x x86_64 (20190806)
2019-08-27T00:00:00
ID: SL_20190806_MARIADB_ON_SL7_X.NASL
Type: nessus
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2019-08-27T00:00:00
{"nessus": [{"lastseen": "2021-01-01T05:19:14", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es) :\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nJul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct\n2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU\nJan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)\n(CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)\n(CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nApr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.", "edition": 17, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-12T00:00:00", "title": "RHEL 7 : mariadb 
(RHSA-2019:2327)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mariadb-bench", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-test", "p-cpe:/a:redhat:enterprise_linux:mariadb-server"], "id": "REDHAT-RHSA-2019-2327.NASL", "href": "https://www.tenable.com/plugins/nessus/127712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2327. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127712);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3081\", \"CVE-2018-3282\", \"CVE-2019-2503\", \"CVE-2019-2529\", \"CVE-2019-2614\", \"CVE-2019-2627\");\n script_xref(name:\"RHSA\", value:\"2019:2327\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2019:2327)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es) :\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nJul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct\n2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU\nJan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)\n(CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)\n(CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nApr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-3058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2627\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2327\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"mariadb-test-5.5.64-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.64-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T12:05:08", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected\nby multiple vulnerabilities:\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: MyISAM). Supported versions that\n are affected are 5.5.60 and prior, 5.6.40 and prior and\n 5.7.22 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2018-3058)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.5.60 and\n prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3063)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Storage Engines). Supported\n versions that are affected are 5.5.61 and prior, 5.6.41\n and prior, 5.7.23 and prior and 8.0.12 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3282)\n\n - Vulnerability in the MySQL Client component of Oracle\n MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Client. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Client as well as unauthorized update,\n insert or delete access to some of MySQL Client\n accessible data. CVSS 3.0 Base Score 5.0 (Integrity and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).\n (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Options). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior and 5.7.22 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. 
Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 3.3\n (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2018-3066)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Connection Handling).\n Supported versions that are affected are 5.6.42 and\n prior, 5.7.24 and prior and 8.0.13 and prior. Difficult\n to exploit vulnerability allows low privileged attacker\n with access to the physical communication segment\n attached to the hardware where the MySQL Server executes\n to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all MySQL Server\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.4 (Confidentiality and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2019-2503)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.6.43 and prior, 5.7.25\n and prior and 8.0.15 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. 
CVSS 3.0 Base Score 4.4 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2614)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.43 and\n prior, 5.7.25 and prior and 8.0.15 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2627)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.6.42 and prior, 5.7.24\n and prior and 8.0.13 and prior. Easily exploitable\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-10-15T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2019-10-15T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0197_MARIADB.NASL", "href": "https://www.tenable.com/plugins/nessus/129910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0197. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129910);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-3058\",\n \"CVE-2018-3063\",\n \"CVE-2018-3066\",\n \"CVE-2018-3081\",\n \"CVE-2018-3282\",\n \"CVE-2019-2503\",\n \"CVE-2019-2529\",\n \"CVE-2019-2614\",\n \"CVE-2019-2627\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0197)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected\nby multiple vulnerabilities:\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: MyISAM). Supported versions that\n are affected are 5.5.60 and prior, 5.6.40 and prior and\n 5.7.22 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2018-3058)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.5.60 and\n prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. 
Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3063)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Storage Engines). Supported\n versions that are affected are 5.5.61 and prior, 5.6.41\n and prior, 5.7.23 and prior and 8.0.12 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3282)\n\n - Vulnerability in the MySQL Client component of Oracle\n MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Client. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Client as well as unauthorized update,\n insert or delete access to some of MySQL Client\n accessible data. CVSS 3.0 Base Score 5.0 (Integrity and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).\n (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Options). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior and 5.7.22 and prior. 
Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 3.3\n (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2018-3066)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Connection Handling).\n Supported versions that are affected are 5.6.42 and\n prior, 5.7.24 and prior and 8.0.13 and prior. Difficult\n to exploit vulnerability allows low privileged attacker\n with access to the physical communication segment\n attached to the hardware where the MySQL Server executes\n to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all MySQL Server\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.4 (Confidentiality and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2019-2503)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.6.43 and prior, 5.7.25\n and prior and 8.0.15 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. 
CVSS 3.0 Base Score 4.4 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2614)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.43 and\n prior, 5.7.25 and prior and 8.0.15 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2627)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.6.42 and prior, 5.7.24\n and prior and 8.0.13 and prior. Easily exploitable\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0197\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL mariadb packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"mariadb-5.5.64-1.el7\",\n \"mariadb-bench-5.5.64-1.el7\",\n \"mariadb-debuginfo-5.5.64-1.el7\",\n \"mariadb-devel-5.5.64-1.el7\",\n \"mariadb-embedded-5.5.64-1.el7\",\n \"mariadb-embedded-devel-5.5.64-1.el7\",\n \"mariadb-libs-5.5.64-1.el7\",\n \"mariadb-server-5.5.64-1.el7\",\n \"mariadb-test-5.5.64-1.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"mariadb-5.5.64-1.el7\",\n \"mariadb-bench-5.5.64-1.el7\",\n \"mariadb-debuginfo-5.5.64-1.el7\",\n \"mariadb-devel-5.5.64-1.el7\",\n \"mariadb-embedded-5.5.64-1.el7\",\n \"mariadb-embedded-devel-5.5.64-1.el7\",\n \"mariadb-libs-5.5.64-1.el7\",\n \"mariadb-server-5.5.64-1.el7\",\n \"mariadb-test-5.5.64-1.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T01:30:30", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es) :\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nJul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct\n2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU\nJan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)\n(CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)\n(CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nApr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes 
linked from the References section.", "edition": 16, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-30T00:00:00", "title": "CentOS 7 : mariadb (CESA-2019:2327)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mariadb-bench", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:mariadb-embedded-devel", "p-cpe:/a:centos:centos:mariadb-devel", "p-cpe:/a:centos:centos:mariadb-test", "p-cpe:/a:centos:centos:mariadb-embedded", "p-cpe:/a:centos:centos:mariadb-server", "p-cpe:/a:centos:centos:mariadb", "p-cpe:/a:centos:centos:mariadb-libs"], "id": "CENTOS_RHSA-2019-2327.NASL", "href": "https://www.tenable.com/plugins/nessus/128390", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2327 and \n# CentOS Errata and Security Advisory 2019:2327 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128390);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3081\", \"CVE-2018-3282\", \"CVE-2019-2503\", \"CVE-2019-2529\", \"CVE-2019-2614\", \"CVE-2019-2627\");\n script_xref(name:\"RHSA\", value:\"2019:2327\");\n\n script_name(english:\"CentOS 7 : mariadb (CESA-2019:2327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this 
update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es) :\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nJul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct\n2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU\nJan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)\n(CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)\n(CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU\nApr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)\n(CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005989.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54cf1275\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-5.5.64-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.64-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.64-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.64-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.64-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.64-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.64-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.64-1.el7\")) flag++;\n\n\nif (flag)\n{\n 
cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T01:17:13", "description": "Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Connection Handling). Supported versions that\nare affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and\nprior. Difficult to exploit vulnerability allows low privileged\nattacker with access to the physical communication segment attached to\nthe hardware where the MySQL Server executes to compromise MySQL\nServer. Successful attacks of this vulnerability can result in\nunauthorized access to critical data or complete access to all MySQL\nServer accessible data and unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 6.4 (Confidentiality and Availability impacts). CVSS\nVector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). (CVE-2019-2503\n)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: MyISAM). 
Supported versions that are affected are\n5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized update,\ninsert or delete access to some of MySQL Server accessible data. CVSS\n3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2018-3058 )\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Storage Engines). Supported versions that are\naffected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and\n8.0.12 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3282)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior.\nDifficult to exploit vulnerability allows high privileged attacker\nwith network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2019-2614)\n\nVulnerability in the MySQL Client component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11\nand prior. 
Difficult to exploit vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Client. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Client as well as unauthorized update, insert\nor delete access to some of MySQL Client accessible data. CVSS 3.0\nBase Score 5.0 (Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-3081)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.60 and prior. Easily exploitable vulnerability\nallows high privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3063)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior.\nEasily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2019-2529)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and\nprior. 
Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2019-2627)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Options). Supported versions that are affected\nare 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized update,\ninsert or delete access to some of MySQL Server accessible data as\nwell as unauthorized read access to a subset of MySQL Server\naccessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and\nIntegrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). 
(CVE-2018-3066)", "edition": 17, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-09-20T00:00:00", "title": "Amazon Linux 2 : mariadb (ALAS-2019-1292)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mariadb-debuginfo", "p-cpe:/a:amazon:linux:mariadb-test", "p-cpe:/a:amazon:linux:mariadb-libs", "p-cpe:/a:amazon:linux:mariadb-server", "p-cpe:/a:amazon:linux:mariadb-devel", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:mariadb-embedded-devel", "p-cpe:/a:amazon:linux:mariadb-embedded", "p-cpe:/a:amazon:linux:mariadb", "p-cpe:/a:amazon:linux:mariadb-bench"], "id": "AL2_ALAS-2019-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/129071", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1292.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129071);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3081\", \"CVE-2018-3282\", \"CVE-2019-2503\", \"CVE-2019-2529\", \"CVE-2019-2614\", \"CVE-2019-2627\");\n script_xref(name:\"ALAS\", value:\"2019-1292\");\n\n script_name(english:\"Amazon Linux 2 : mariadb (ALAS-2019-1292)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Connection Handling). 
Supported versions that\nare affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and\nprior. Difficult to exploit vulnerability allows low privileged\nattacker with access to the physical communication segment attached to\nthe hardware where the MySQL Server executes to compromise MySQL\nServer. Successful attacks of this vulnerability can result in\nunauthorized access to critical data or complete access to all MySQL\nServer accessible data and unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 6.4 (Confidentiality and Availability impacts). CVSS\nVector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). (CVE-2019-2503\n)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: MyISAM). Supported versions that are affected are\n5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily\nexploitable vulnerability allows low privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized update,\ninsert or delete access to some of MySQL Server accessible data. CVSS\n3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2018-3058 )\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Storage Engines). Supported versions that are\naffected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and\n8.0.12 and prior. Easily exploitable vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2018-3282)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Replication). Supported versions that are\naffected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior.\nDifficult to exploit vulnerability allows high privileged attacker\nwith network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2019-2614)\n\nVulnerability in the MySQL Client component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11\nand prior. Difficult to exploit vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Client. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Client as well as unauthorized update, insert\nor delete access to some of MySQL Client accessible data. CVSS 3.0\nBase Score 5.0 (Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-3081)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.60 and prior. Easily exploitable vulnerability\nallows high privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2018-3063)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior.\nEasily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2019-2529)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and\nprior. Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2019-2627)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Options). Supported versions that are affected\nare 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult\nto exploit vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized update,\ninsert or delete access to some of MySQL Server accessible data as\nwell as unauthorized read access to a subset of MySQL Server\naccessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and\nIntegrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). 
(CVE-2018-3066)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1292.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mariadb' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-bench-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-debuginfo-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-devel-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-embedded-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-embedded-devel-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-libs-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-server-5.5.64-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mariadb-test-5.5.64-1.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T12:05:29", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mariadb packages installed that are affected\nby multiple vulnerabilities:\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Storage Engines). Supported\n versions that are affected are 5.5.61 and prior, 5.6.41\n and prior, 5.7.23 and prior and 8.0.12 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3282)\n\n - Vulnerability in the MySQL Client component of Oracle\n MySQL (subcomponent: Client programs). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Client. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Client as well as unauthorized update,\n insert or delete access to some of MySQL Client\n accessible data. CVSS 3.0 Base Score 5.0 (Integrity and\n Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).\n (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Options). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior and 5.7.22 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 3.3\n (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2018-3066)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Connection Handling).\n Supported versions that are affected are 5.6.42 and\n prior, 5.7.24 and prior and 8.0.13 and prior. Difficult\n to exploit vulnerability allows low privileged attacker\n with access to the physical communication segment\n attached to the hardware where the MySQL Server executes\n to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all MySQL Server\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.4 (Confidentiality and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2019-2503)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.6.43 and prior, 5.7.25\n and prior and 8.0.15 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.4 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2614)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.43 and\n prior, 5.7.25 and prior and 8.0.15 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2627)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.6.42 and prior, 5.7.24\n and prior and 8.0.13 and prior. Easily exploitable\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2529)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: MyISAM). Supported versions that\n are affected are 5.5.60 and prior, 5.6.40 and prior and\n 5.7.22 and prior. 
Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2018-3058)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.5.60 and\n prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3063)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 15, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-12-31T00:00:00", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : mariadb Multiple Vulnerabilities (NS-SA-2019-0243)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2019-12-31T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0243_MARIADB.NASL", "href": "https://www.tenable.com/plugins/nessus/132455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0243. 
The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132455);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-3058\",\n \"CVE-2018-3063\",\n \"CVE-2018-3066\",\n \"CVE-2018-3081\",\n \"CVE-2018-3282\",\n \"CVE-2019-2503\",\n \"CVE-2019-2529\",\n \"CVE-2019-2614\",\n \"CVE-2019-2627\"\n );\n script_bugtraq_id(\n 104766,\n 104786,\n 105610,\n 106619,\n 106626,\n 107927\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : mariadb Multiple Vulnerabilities (NS-SA-2019-0243)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mariadb packages installed that are affected\nby multiple vulnerabilities:\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Storage Engines). Supported\n versions that are affected are 5.5.61 and prior, 5.6.41\n and prior, 5.7.23 and prior and 8.0.12 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3282)\n\n - Vulnerability in the MySQL Client component of Oracle\n MySQL (subcomponent: Client programs). 
Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior, 5.7.22 and prior and 8.0.11 and prior.\n Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Client. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Client as well as unauthorized update,\n insert or delete access to some of MySQL Client\n accessible data. CVSS 3.0 Base Score 5.0 (Integrity and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).\n (CVE-2018-3081)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Options). Supported\n versions that are affected are 5.5.60 and prior, 5.6.40\n and prior and 5.7.22 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 3.3\n (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).\n (CVE-2018-3066)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Connection Handling).\n Supported versions that are affected are 5.6.42 and\n prior, 5.7.24 and prior and 8.0.13 and prior. Difficult\n to exploit vulnerability allows low privileged attacker\n with access to the physical communication segment\n attached to the hardware where the MySQL Server executes\n to compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all MySQL Server\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.4 (Confidentiality and\n Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2019-2503)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Replication). Supported\n versions that are affected are 5.6.43 and prior, 5.7.25\n and prior and 8.0.15 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.4 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2614)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.43 and\n prior, 5.7.25 and prior and 8.0.15 and prior. Easily\n exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2627)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Optimizer). Supported\n versions that are affected are 5.6.42 and prior, 5.7.24\n and prior and 8.0.13 and prior. 
Easily exploitable\n vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 6.5 (Availability impacts).\n CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2019-2529)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: MyISAM). Supported versions that\n are affected are 5.5.60 and prior, 5.6.40 and prior and\n 5.7.22 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data. CVSS 3.0 Base Score 4.3\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2018-3058)\n\n - Vulnerability in the MySQL Server component of Oracle\n MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.5.60 and\n prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful attacks\n of this vulnerability can result in unauthorized ability\n to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9\n (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2018-3063)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0243\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL mariadb packages. 
Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"mariadb-5.5.64-1.el7\",\n \"mariadb-bench-5.5.64-1.el7\",\n \"mariadb-debuginfo-5.5.64-1.el7\",\n \"mariadb-devel-5.5.64-1.el7\",\n \"mariadb-embedded-5.5.64-1.el7\",\n \"mariadb-embedded-devel-5.5.64-1.el7\",\n \"mariadb-libs-5.5.64-1.el7\",\n \"mariadb-server-5.5.64-1.el7\",\n \"mariadb-test-5.5.64-1.el7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"mariadb-5.5.64-1.el7\",\n \"mariadb-bench-5.5.64-1.el7\",\n \"mariadb-debuginfo-5.5.64-1.el7\",\n \"mariadb-devel-5.5.64-1.el7\",\n \"mariadb-embedded-5.5.64-1.el7\",\n \"mariadb-embedded-devel-5.5.64-1.el7\",\n \"mariadb-libs-5.5.64-1.el7\",\n \"mariadb-server-5.5.64-1.el7\",\n \"mariadb-test-5.5.64-1.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T09:01:19", "description": "According to the versions of the mariadb packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - MariaDB is a community developed branch of MySQL.\n MariaDB is a multi-user, multi-threaded SQL database\n server. It is a client/server implementation consisting\n of a server daemon (mysqld) and many different client\n programs and libraries. The base package contains the\n standard MariaDB/MySQL client programs and generic\n MySQL files.Security Fix(es):Vulnerability in the MySQL\n Server component of Oracle MySQL (subcomponent: Server:\n Security: Privileges). Supported versions that are\n affected are 5.6.43 and prior, 5.7.25 and prior and\n 8.0.15 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2627)Vulnerability in the MySQL Client\n component of Oracle MySQL (subcomponent: Client\n programs). Supported versions that are affected are\n 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior\n and 8.0.11 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Client. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Client as well as unauthorized update, insert or delete\n access to some of MySQL Client accessible\n data.(CVE-2018-3081)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Connection Handling). Supported versions that are\n affected are 5.6.42 and prior, 5.7.24 and prior and\n 8.0.13 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with access to the\n physical communication segment attached to the hardware\n where the MySQL Server executes to compromise MySQL\n Server. Successful attacks of this vulnerability can\n result in unauthorized access to critical data or\n complete access to all MySQL Server accessible data and\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2503)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Optimizer). Supported versions that are affected are\n 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and\n prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2529)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Replication). Supported versions that are affected are\n 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and\n prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. 
Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2614)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: MyISAM).\n Supported versions that are affected are 5.5.60 and\n prior, 5.6.40 and prior and 5.7.22 and prior. Easily\n exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized update, insert\n or delete access to some of MySQL Server accessible\n data.(CVE-2018-3058)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Security: Privileges). Supported versions that are\n affected are 5.5.60 and prior. Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2018-3063)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Options). Supported versions that are affected are\n 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and\n prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data as well as unauthorized\n read access to a subset of MySQL Server accessible\n data.(CVE-2018-3066)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Storage Engines). Supported versions that are affected\n are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and\n prior and 8.0.12 and prior. 
Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2018-3282)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: XML).\n Supported versions that are affected are 5.6.44 and\n prior, 5.7.26 and prior and 8.0.16 and prior. Easily\n exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server.(CVE-2019-2740)Vulnerability in\n the MySQL Server component of Oracle MySQL\n (subcomponent: Server: Security: Privileges). Supported\n versions that are affected are 5.6.44 and prior, 5.7.26\n and prior and 8.0.16 and prior. Easily exploitable\n vulnerability allows high privileged attacker with\n logon to the infrastructure where MySQL Server executes\n to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of M(CVE-2019-2739)Vulnerability in the MySQL\n Server component of Oracle MySQL (subcomponent: Server:\n Parser). Supported versions that are affected are\n 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and\n prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2805)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server :\n Pluggable Auth). 
Supported versions that are affected\n are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and\n prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2737)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 7, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-12-09T00:00:00", "title": "EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2019-2543)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2019-2805", "CVE-2019-2737", "CVE-2019-2739", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-server", "p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:mariadb-libs"], "id": "EULEROS_SA-2019-2543.NASL", "href": "https://www.tenable.com/plugins/nessus/131817", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131817);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-3058\",\n \"CVE-2018-3063\",\n \"CVE-2018-3066\",\n \"CVE-2018-3081\",\n \"CVE-2018-3282\",\n \"CVE-2019-2503\",\n \"CVE-2019-2529\",\n \"CVE-2019-2614\",\n 
\"CVE-2019-2627\",\n \"CVE-2019-2737\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2805\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2019-2543)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - MariaDB is a community developed branch of MySQL.\n MariaDB is a multi-user, multi-threaded SQL database\n server. It is a client/server implementation consisting\n of a server daemon (mysqld) and many different client\n programs and libraries. The base package contains the\n standard MariaDB/MySQL client programs and generic\n MySQL files.Security Fix(es):Vulnerability in the MySQL\n Server component of Oracle MySQL (subcomponent: Server:\n Security: Privileges). Supported versions that are\n affected are 5.6.43 and prior, 5.7.25 and prior and\n 8.0.15 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2627)Vulnerability in the MySQL Client\n component of Oracle MySQL (subcomponent: Client\n programs). Supported versions that are affected are\n 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior\n and 8.0.11 and prior. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Client. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Client as well as unauthorized update, insert or delete\n access to some of MySQL Client accessible\n data.(CVE-2018-3081)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Connection Handling). Supported versions that are\n affected are 5.6.42 and prior, 5.7.24 and prior and\n 8.0.13 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with access to the\n physical communication segment attached to the hardware\n where the MySQL Server executes to compromise MySQL\n Server. Successful attacks of this vulnerability can\n result in unauthorized access to critical data or\n complete access to all MySQL Server accessible data and\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2503)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Optimizer). Supported versions that are affected are\n 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and\n prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2529)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Replication). Supported versions that are affected are\n 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and\n prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. 
Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2614)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: MyISAM).\n Supported versions that are affected are 5.5.60 and\n prior, 5.6.40 and prior and 5.7.22 and prior. Easily\n exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized update, insert\n or delete access to some of MySQL Server accessible\n data.(CVE-2018-3058)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Security: Privileges). Supported versions that are\n affected are 5.5.60 and prior. Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2018-3063)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Options). Supported versions that are affected are\n 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and\n prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data as well as unauthorized\n read access to a subset of MySQL Server accessible\n data.(CVE-2018-3066)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server:\n Storage Engines). Supported versions that are affected\n are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and\n prior and 8.0.12 and prior. 
Easily exploitable\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Server.(CVE-2018-3282)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server: XML).\n Supported versions that are affected are 5.6.44 and\n prior, 5.7.26 and prior and 8.0.16 and prior. Easily\n exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server.(CVE-2019-2740)Vulnerability in\n the MySQL Server component of Oracle MySQL\n (subcomponent: Server: Security: Privileges). Supported\n versions that are affected are 5.6.44 and prior, 5.7.26\n and prior and 8.0.16 and prior. Easily exploitable\n vulnerability allows high privileged attacker with\n logon to the infrastructure where MySQL Server executes\n to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of M(CVE-2019-2739)Vulnerability in the MySQL\n Server component of Oracle MySQL (subcomponent: Server:\n Parser). Supported versions that are affected are\n 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and\n prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2805)Vulnerability in the MySQL Server\n component of Oracle MySQL (subcomponent: Server :\n Pluggable Auth). 
Supported versions that are affected\n are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and\n prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple\n protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL\n Server.(CVE-2019-2737)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2543\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d2b4f70\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.66-1.eulerosv2r7\",\n \"mariadb-bench-5.5.66-1.eulerosv2r7\",\n \"mariadb-devel-5.5.66-1.eulerosv2r7\",\n 
\"mariadb-libs-5.5.66-1.eulerosv2r7\",\n \"mariadb-server-5.5.66-1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-09-23T18:26:15", "description": "This update for mysql to version 5.5.61 fixes the following issues:\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-3066: Fixed a difficult to exploit\n vulnerability that allowed high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server\n accessible data. (bsc#1101678)\n\n - CVE-2018-3070: Fixed an easily exploitable vulnerability\n that allowed low privileged attacker with network access\n via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server.\n (bsc#1101679)\n\n - CVE-2018-3081: Fixed a difficult to exploit\n vulnerability that allowed high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Client. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Client as well as unauthorized update, insert or delete\n access to some of MySQL Client accessible data.\n (bsc#1101680)\n\n - CVE-2018-3058: Fixed an easily exploitable vulnerability\n that allowed low privileged attacker with network access\n via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (bsc#1101676)\n\n - CVE-2018-3063: Fixed an easily exploitable vulnerability\n allowed high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server.\n (bsc#1101677) You can find more detailed information\n about this update in the [release\n notes](http://dev.mysql.com/doc/relnotes/mysql/5.5/en/ne\n ws-5-5-61.html)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-08-20T00:00:00", "title": "SUSE SLES11 Security Update : mysql (SUSE-SU-2018:2411-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2018-08-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:novell:suse_linux:mysql-tools", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libmysql55client18", "p-cpe:/a:novell:suse_linux:libmysql55client_r18", "p-cpe:/a:novell:suse_linux:mysql-client"], "id": "SUSE_SU-2018-2411-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112014", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2411-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112014);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3070\", \"CVE-2018-3081\");\n\n script_name(english:\"SUSE SLES11 Security Update : mysql (SUSE-SU-2018:2411-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mysql to version 5.5.61 fixes the following issues:\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-3066: Fixed a difficult to exploit\n vulnerability that allowed high privileged attacker with\n 
network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server\n accessible data. (bsc#1101678)\n\n - CVE-2018-3070: Fixed an easily exploitable vulnerability\n that allowed low privileged attacker with network access\n via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server.\n (bsc#1101679)\n\n - CVE-2018-3081: Fixed a difficult to exploit\n vulnerability that allowed high privileged attacker with\n network access via multiple protocols to compromise\n MySQL Client. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of MySQL\n Client as well as unauthorized update, insert or delete\n access to some of MySQL Client accessible data.\n (bsc#1101680)\n\n - CVE-2018-3058: Fixed an easily exploitable vulnerability\n that allowed low privileged attacker with network access\n via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n MySQL Server accessible data. 
(bsc#1101676)\n\n - CVE-2018-3063: Fixed an easily exploitable vulnerability\n allowed high privileged attacker with network access via\n multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server.\n (bsc#1101677) You can find more detailed information\n about this update in the [release\n notes](http://dev.mysql.com/doc/relnotes/mysql/5.5/en/ne\n ws-5-5-61.html)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3058/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3063/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-3070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3081/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182411-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82a29ecb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mysql-13739=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mysql-13739=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mysql-13739=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client_r18-32bit-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client18-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client_r18-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-client-5.5.61-0.39.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-tools-5.5.61-0.39.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T01:19:54", "description": "Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Options). Supported versions that are affected\nare 5.5.60 and prior. Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. 
Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data as well as unauthorized read access to a\nsubset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3\n(Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2018-3066)\n\nVulnerability in the MySQL Client component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.60 and prior. Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Client. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Client as well as\nunauthorized update, insert or delete access to some of MySQL Client\naccessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3081)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client mysqldump). Supported versions that are affected\nare 5.5.60 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3070)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Encryption). Supported versions that\nare affected are 5.5.60 and prior. Difficult to exploit vulnerability\nallows low privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. 
Successful attacks of this\nvulnerability can result in unauthorized read access to a subset of\nMySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: MyISAM). Supported versions that are affected are\n5.5.60 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2018-3058)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.60 and prior. Easily exploitable vulnerability\nallows high privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.9 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3063)", "edition": 21, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-08-24T00:00:00", "title": "Amazon Linux AMI : mysql55 (ALAS-2018-1068)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql55-bench", "p-cpe:/a:amazon:linux:mysql55", "p-cpe:/a:amazon:linux:mysql55-server", "p-cpe:/a:amazon:linux:mysql55-embedded-devel", "p-cpe:/a:amazon:linux:mysql55-libs", "p-cpe:/a:amazon:linux:mysql55-debuginfo", "p-cpe:/a:amazon:linux:mysql-config", "p-cpe:/a:amazon:linux:mysql55-test", "p-cpe:/a:amazon:linux:mysql55-embedded", "p-cpe:/a:amazon:linux:mysql55-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1068.NASL", "href": "https://www.tenable.com/plugins/nessus/112095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1068.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112095);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-2767\", \"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3070\", \"CVE-2018-3081\");\n script_xref(name:\"ALAS\", value:\"2018-1068\");\n\n script_name(english:\"Amazon Linux AMI : mysql55 (ALAS-2018-1068)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Options). 
Supported versions that are affected\nare 5.5.60 and prior. Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data as well as unauthorized read access to a\nsubset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3\n(Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2018-3066)\n\nVulnerability in the MySQL Client component of Oracle MySQL\n(subcomponent: Client programs). Supported versions that are affected\nare 5.5.60 and prior. Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Client. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Client as well as\nunauthorized update, insert or delete access to some of MySQL Client\naccessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3081)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Client mysqldump). Supported versions that are affected\nare 5.5.60 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n6.5 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3070)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Encryption). 
Supported versions that\nare affected are 5.5.60 and prior. Difficult to exploit vulnerability\nallows low privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized read access to a subset of\nMySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: MyISAM). Supported versions that are affected are\n5.5.60 and prior. Easily exploitable vulnerability allows low\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nMySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2018-3058)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.60 and prior. Easily exploitable vulnerability\nallows high privileged attacker with network access via multiple\nprotocols to compromise MySQL Server. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 4.9 (Availability impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3063)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1068.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql-config-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-bench-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-debuginfo-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-devel-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-devel-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-libs-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-server-5.5.61-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-test-5.5.61-1.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-09-14T16:24:42", "description": "The version of MySQL running on the remote host is 5.5.x prior to\n5.5.61. It is, therefore, affected by multiple vulnerabilities as\nnoted in the July 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 22, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2018-07-20T00:00:00", "title": "MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (RPM Check) (July 2018 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "cpe:/a:oracle:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:amazon:linux:mysql"], "id": "MYSQL_5_5_61_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/111154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111154);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/29\");\n\n script_cve_id(\n \"CVE-2018-2767\",\n \"CVE-2018-3058\",\n \"CVE-2018-3063\",\n \"CVE-2018-3066\",\n \"CVE-2018-3070\",\n \"CVE-2018-3081\"\n );\n 
script_bugtraq_id(\n 103954,\n 104766,\n 104779,\n 104786\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (RPM Check) (July 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.61. It is, therefore, affected by multiple vulnerabilities as\nnoted in the July 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50f36723\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n\n script_set_attribute(attribute:\"agent\", 
value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.5.61\";\nexists_version = \"5.5\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-09-14T16:24:42", "description": "The version of MySQL running on the remote host is 5.5.x prior to\n5.5.61. 
It is, therefore, affected by multiple vulnerabilities as\nnoted in the July 2018 Critical Patch Update advisory. Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 5.0, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2018-07-20T00:00:00", "title": "MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (July 2018 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3063", "CVE-2018-3066"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_5_61.NASL", "href": "https://www.tenable.com/plugins/nessus/111153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111153);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\n \"CVE-2018-2767\",\n \"CVE-2018-3058\",\n \"CVE-2018-3063\",\n \"CVE-2018-3066\",\n \"CVE-2018-3070\",\n \"CVE-2018-3081\"\n );\n script_bugtraq_id(\n 103954,\n 104766,\n 104779,\n 104786\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (July 2018 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.61. It is, therefore, affected by multiple vulnerabilities as\nnoted in the July 2018 Critical Patch Update advisory. 
Please consult\nthe CVRF details for the applicable CVEs for additional information.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50f36723\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3081\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.5.61', min:'5.5', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-08-14T08:34:32", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "[1:5.5.64-1]\n- Rebase to 5.5.64\n- Resolves: #1490398\n- CVEs fixed: #1610986\n CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3081\n- CVEs fixed: #1664043\n CVE-2018-3282 CVE-2019-2503\n- CVEs fixed: #1701686\n CVE-2019-2529", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2327", "href": "http://linux.oracle.com/errata/ELSA-2019-2327.html", "title": "mariadb security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). ([CVE-2019-2503 __](<https://access.redhat.com/security/cve/CVE-2019-2503>) )\n\n \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). ([CVE-2018-3058 __](<https://access.redhat.com/security/cve/CVE-2018-3058>) )\n\n \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2018-3282 __](<https://access.redhat.com/security/cve/CVE-2018-3282>))\n\n \nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). 
Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2019-2614 __](<https://access.redhat.com/security/cve/CVE-2019-2614>))\n\n \nVulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). ([CVE-2018-3081 __](<https://access.redhat.com/security/cve/CVE-2018-3081>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
([CVE-2018-3063 __](<https://access.redhat.com/security/cve/CVE-2018-3063>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ([CVE-2019-2529 __](<https://access.redhat.com/security/cve/CVE-2019-2529>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ([CVE-2019-2627 __](<https://access.redhat.com/security/cve/CVE-2019-2627>)) \n\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. 
CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). ([CVE-2018-3066 __](<https://access.redhat.com/security/cve/CVE-2018-3066>))\n\n \n**Affected Packages:** \n\n\nmariadb\n\n \n**Issue Correction:** \nRun _yum update mariadb_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n mariadb-5.5.64-1.amzn2.aarch64 \n mariadb-libs-5.5.64-1.amzn2.aarch64 \n mariadb-server-5.5.64-1.amzn2.aarch64 \n mariadb-devel-5.5.64-1.amzn2.aarch64 \n mariadb-embedded-5.5.64-1.amzn2.aarch64 \n mariadb-embedded-devel-5.5.64-1.amzn2.aarch64 \n mariadb-bench-5.5.64-1.amzn2.aarch64 \n mariadb-test-5.5.64-1.amzn2.aarch64 \n mariadb-debuginfo-5.5.64-1.amzn2.aarch64 \n \n i686: \n mariadb-5.5.64-1.amzn2.i686 \n mariadb-libs-5.5.64-1.amzn2.i686 \n mariadb-server-5.5.64-1.amzn2.i686 \n mariadb-devel-5.5.64-1.amzn2.i686 \n mariadb-embedded-5.5.64-1.amzn2.i686 \n mariadb-embedded-devel-5.5.64-1.amzn2.i686 \n mariadb-bench-5.5.64-1.amzn2.i686 \n mariadb-test-5.5.64-1.amzn2.i686 \n mariadb-debuginfo-5.5.64-1.amzn2.i686 \n \n src: \n mariadb-5.5.64-1.amzn2.src \n \n x86_64: \n mariadb-5.5.64-1.amzn2.x86_64 \n mariadb-libs-5.5.64-1.amzn2.x86_64 \n mariadb-server-5.5.64-1.amzn2.x86_64 \n mariadb-devel-5.5.64-1.amzn2.x86_64 \n mariadb-embedded-5.5.64-1.amzn2.x86_64 \n mariadb-embedded-devel-5.5.64-1.amzn2.x86_64 \n mariadb-bench-5.5.64-1.amzn2.x86_64 \n mariadb-test-5.5.64-1.amzn2.x86_64 \n mariadb-debuginfo-5.5.64-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-09-13T23:24:00", "published": "2019-09-13T23:24:00", "id": "ALAS2-2019-1292", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1292.html", "title": "Medium: mariadb", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-11-10T12:36:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3063", "CVE-2018-3066"], "description": 
"**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).([CVE-2018-3066 __](<https://access.redhat.com/security/cve/CVE-2018-3066>))\n\nVulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).([CVE-2018-3081 __](<https://access.redhat.com/security/cve/CVE-2018-3081>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-3070 __](<https://access.redhat.com/security/cve/CVE-2018-3070>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).([CVE-2018-2767 __](<https://access.redhat.com/security/cve/CVE-2018-2767>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).([CVE-2018-3058 __](<https://access.redhat.com/security/cve/CVE-2018-3058>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-3063 __](<https://access.redhat.com/security/cve/CVE-2018-3063>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql55-server-5.5.61-1.22.amzn1.i686 \n mysql55-test-5.5.61-1.22.amzn1.i686 \n mysql55-embedded-devel-5.5.61-1.22.amzn1.i686 \n mysql-config-5.5.61-1.22.amzn1.i686 \n mysql55-debuginfo-5.5.61-1.22.amzn1.i686 \n mysql55-bench-5.5.61-1.22.amzn1.i686 \n mysql55-5.5.61-1.22.amzn1.i686 \n mysql55-libs-5.5.61-1.22.amzn1.i686 \n mysql55-embedded-5.5.61-1.22.amzn1.i686 \n mysql55-devel-5.5.61-1.22.amzn1.i686 \n \n src: \n mysql55-5.5.61-1.22.amzn1.src \n \n x86_64: \n mysql55-embedded-devel-5.5.61-1.22.amzn1.x86_64 \n mysql55-server-5.5.61-1.22.amzn1.x86_64 \n mysql55-embedded-5.5.61-1.22.amzn1.x86_64 \n mysql55-5.5.61-1.22.amzn1.x86_64 \n mysql55-bench-5.5.61-1.22.amzn1.x86_64 \n mysql-config-5.5.61-1.22.amzn1.x86_64 \n mysql55-debuginfo-5.5.61-1.22.amzn1.x86_64 \n mysql55-libs-5.5.61-1.22.amzn1.x86_64 \n mysql55-test-5.5.61-1.22.amzn1.x86_64 \n mysql55-devel-5.5.61-1.22.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-08-22T19:33:00", "published": "2018-08-22T19:33:00", "id": "ALAS-2018-1068", "href": "https://alas.aws.amazon.com/ALAS-2018-1068.html", "title": "Medium: mysql55", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-11-10T12:36:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2767", "CVE-2018-0739", "CVE-2018-3062", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3064", "CVE-2018-3066"], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.6.40 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-3070 __](<https://access.redhat.com/security/cve/CVE-2018-3070>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.40 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).([CVE-2018-2767 __](<https://access.redhat.com/security/cve/CVE-2018-2767>))\n\nVulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.6.40 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).([CVE-2018-3081 __](<https://access.redhat.com/security/cve/CVE-2018-3081>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior. 
Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).([CVE-2018-3062 __](<https://access.redhat.com/security/cve/CVE-2018-3062>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.40 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).([CVE-2018-3066 __](<https://access.redhat.com/security/cve/CVE-2018-3066>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).([CVE-2018-3064 __](<https://access.redhat.com/security/cve/CVE-2018-3064>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). 
Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).([CVE-2018-3058 __](<https://access.redhat.com/security/cve/CVE-2018-3058>))\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-bench-5.6.41-1.30.amzn1.i686 \n mysql56-embedded-5.6.41-1.30.amzn1.i686 \n mysql56-common-5.6.41-1.30.amzn1.i686 \n mysql56-server-5.6.41-1.30.amzn1.i686 \n mysql56-test-5.6.41-1.30.amzn1.i686 \n mysql56-5.6.41-1.30.amzn1.i686 \n mysql56-devel-5.6.41-1.30.amzn1.i686 \n mysql56-debuginfo-5.6.41-1.30.amzn1.i686 \n mysql56-errmsg-5.6.41-1.30.amzn1.i686 \n mysql56-embedded-devel-5.6.41-1.30.amzn1.i686 \n mysql56-libs-5.6.41-1.30.amzn1.i686 \n \n src: \n mysql56-5.6.41-1.30.amzn1.src \n \n x86_64: \n mysql56-5.6.41-1.30.amzn1.x86_64 \n mysql56-test-5.6.41-1.30.amzn1.x86_64 \n mysql56-bench-5.6.41-1.30.amzn1.x86_64 \n mysql56-debuginfo-5.6.41-1.30.amzn1.x86_64 \n mysql56-embedded-5.6.41-1.30.amzn1.x86_64 \n mysql56-libs-5.6.41-1.30.amzn1.x86_64 \n mysql56-errmsg-5.6.41-1.30.amzn1.x86_64 \n mysql56-common-5.6.41-1.30.amzn1.x86_64 \n mysql56-embedded-devel-5.6.41-1.30.amzn1.x86_64 \n mysql56-devel-5.6.41-1.30.amzn1.x86_64 \n mysql56-server-5.6.41-1.30.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-08-22T19:34:00", "published": "2018-08-22T19:34:00", "id": "ALAS-2018-1069", "href": "https://alas.aws.amazon.com/ALAS-2018-1069.html", "title": "Medium: mysql56", "type": "amazon", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "centos": [{"lastseen": 
"2020-09-24T02:48:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2020-14550", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2327\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es):\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005989.html\n\n**Affected 
packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\n", "edition": 3, "modified": "2019-08-30T03:38:17", "published": "2019-08-30T03:38:17", "id": "CESA-2019:2327", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005989.html", "title": "mariadb security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2020-09-23T23:43:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3058", "CVE-2018-3063", "CVE-2018-3066", "CVE-2018-3081", "CVE-2018-3282", "CVE-2019-2503", "CVE-2019-2529", "CVE-2019-2614", "CVE-2019-2627", "CVE-2020-14550"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043)\n\nSecurity Fix(es):\n\n* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)\n\n* mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)\n\n* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2020-09-24T00:39:25", "published": "2019-08-06T12:25:40", "id": "RHSA-2019:2327", "href": "https://access.redhat.com/errata/RHSA-2019:2327", "type": "redhat", "title": "(RHSA-2019:2327) Moderate: mariadb security and bug fix update", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2020-02-26T16:49:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2529", "CVE-2019-2614", "CVE-2018-3282", "CVE-2019-2805", "CVE-2019-2737", "CVE-2019-2739", "CVE-2018-3058", "CVE-2019-2627", "CVE-2019-2503", "CVE-2018-3081", "CVE-2018-3063", "CVE-2018-3066"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192543", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2019-2543)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2543\");\n script_version(\"2020-01-23T13:04:49+0000\");\n script_cve_id(\"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3081\", \"CVE-2018-3282\", \"CVE-2019-2503\", \"CVE-2019-2529\", \"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2737\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2805\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:04:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:04:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2019-2543)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2543\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2543\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2019-2543 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Vulnerability in the MySQL Server component of Oracle MySQL 
(subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2627)\n\nVulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data.(CVE-2018-3081)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2503)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Serv ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.66~1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-01-29T20:07:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3174", "CVE-2018-3282", "CVE-2018-3133", "CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", 
"CVE-2018-3063", "CVE-2018-3066"], "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.62, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle", "modified": "2020-01-29T00:00:00", "published": "2018-11-06T00:00:00", "id": "OPENVAS:1361412562310891566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891566", "type": "openvas", "title": "Debian LTS: Security Advisory for mysql-5.5 (DLA-1566-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891566\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-2767\", \"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3066\", \"CVE-2018-3070\",\n \"CVE-2018-3081\", \"CVE-2018-3133\", \"CVE-2018-3174\", \"CVE-2018-3282\");\n script_name(\"Debian LTS: Security Advisory for mysql-5.5 (DLA-1566-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-06 00:00:00 +0100 (Tue, 06 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html\");\n script_xref(name:\"URL\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\");\n script_xref(name:\"URL\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n 
script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n5.5.62-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.62, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.62-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-01-29T20:12:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3058", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066"], "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.36.\n\nCVE-2018-3058\n\n Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of MySQL Server accessible data.\n\nCVE-2018-3063\n\n Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS)\n of MySQL Server.\n\nCVE-2018-3064\n\n Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS)\n of MySQL Server as well as unauthorized update, insert or delete access\n to some of MySQL Server accessible data.\n\nCVE-2018-3066\n\n Difficult to exploit vulnerability allows high privileged attacker with\n network 
access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of MySQL Server accessible data\n as well as unauthorized read access to a subset of MySQL Server\n accessible data.", "modified": "2020-01-29T00:00:00", "published": "2018-09-03T00:00:00", "id": "OPENVAS:1361412562310891488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891488", "type": "openvas", "title": "Debian LTS: Security Advisory for mariadb-10.0 (DLA-1488-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891488\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-3058\", \"CVE-2018-3063\", \"CVE-2018-3064\", \"CVE-2018-3066\");\n script_name(\"Debian LTS: Security Advisory for mariadb-10.0 (DLA-1488-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-03 00:00:00 +0200 (Mon, 03 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n10.0.36-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server. 
The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.36.\n\nCVE-2018-3058\n\n Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of MySQL Server accessible data.\n\nCVE-2018-3063\n\n Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS)\n of MySQL Server.\n\nCVE-2018-3064\n\n Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS)\n of MySQL Server as well as unauthorized update, insert or delete access\n to some of MySQL Server accessible data.\n\nCVE-2018-3066\n\n Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of MySQL Server accessible data\n as well as unauthorized read access to a subset of MySQL Server\n accessible data.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.36-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-06-07T12:42:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "description": "The remote host is missing an update for the ", "modified": "2019-06-06T00:00:00", "published": "2019-06-06T00:00:00", "id": "OPENVAS:1361412562310844042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844042", "type": "openvas", "title": "Ubuntu Update for mariadb-10.1 USN-3957-3", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the 
respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844042\");\n script_version(\"2019-06-06T13:02:35+0000\");\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-06 13:02:35 +0000 (Thu, 06 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-06 02:00:47 +0000 (Thu, 06 Jun 2019)\");\n script_name(\"Ubuntu Update for mariadb-10.1 USN-3957-3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3957-3\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-June/004945.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb-10.1'\n package(s) announced via the USN-3957-3 advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3957-1 fixed multiple vulnerabilities in MySQL. This update\nprovides the\ncorresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB\n10.1.\n\nUbuntu 18.04 LTS has been updated to MariaDB 10.1.40.\n\nIn addition to security fixes, the updated package contain bug fixes,\nnew\nfeatures, and possibly incompatible changes.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update\nincludes\na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04\nhave\nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew\nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information:\");\n\n script_tag(name:\"affected\", value:\"'mariadb-10.1' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"1:10.1.40-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T16:30:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "description": "The remote host is missing an update for the ", "modified": 
"2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852878", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1913-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852878\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:40:41 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1913-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1913-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb, mariadb-connector-c'\n package(s) announced via the openSUSE-SU-2019:1913-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2614: Fixed a potential remote denial of service by an\n privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1913=1\");\n\n script_tag(name:\"affected\", value:\"'mariadb, ' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel\", rpm:\"libmariadb-devel~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel-debuginfo\", rpm:\"libmariadb-devel-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3\", rpm:\"libmariadb3~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-debuginfo\", rpm:\"libmariadb3-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb_plugins\", rpm:\"libmariadb_plugins~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb_plugins-debuginfo\", rpm:\"libmariadb_plugins-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate\", rpm:\"libmariadbprivate~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate-debuginfo\", rpm:\"libmariadbprivate-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19\", rpm:\"libmysqld19~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19-debuginfo\", rpm:\"libmysqld19-debuginfo~10.2.25~lp151.2.3.1\", 
rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-connector-c-debugsource\", rpm:\"mariadb-connector-c-debugsource~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-galera\", rpm:\"mariadb-galera~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", 
rpm:\"mariadb-tools-debuginfo~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.2.25~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit\", rpm:\"libmariadb3-32bit~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit-debuginfo\", rpm:\"libmariadb3-32bit-debuginfo~3.1.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T16:53:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-08-16T00:00:00", "id": "OPENVAS:1361412562310852654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852654", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1915-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852654\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-2614\", \"CVE-2019-2627\", \"CVE-2019-2628\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-16 02:01:06 +0000 (Fri, 16 Aug 2019)\");\n script_name(\"openSUSE: Security Advisory for mariadb, mariadb-connector-c (openSUSE-SU-2019:1915-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1915-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb, mariadb-connector-c'\n package(s) announced via the openSUSE-SU-2019:1915-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n\n - CVE-2019-2628: Fixed a remote denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2627: Fixed another remote 
denial of service by an privileged\n attacker (bsc#1136035).\n\n - CVE-2019-2614: Fixed a potential remote denial of service by an\n privileged attacker (bsc#1136035).\n\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1915=1\");\n\n script_tag(name:\"affected\", value:\"'mariadb, ' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel\", rpm:\"libmariadb-devel~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb-devel-debuginfo\", rpm:\"libmariadb-devel-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3\", rpm:\"libmariadb3~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-debuginfo\", rpm:\"libmariadb3-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb_plugins\", 
rpm:\"libmariadb_plugins~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb_plugins-debuginfo\", rpm:\"libmariadb_plugins-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate\", rpm:\"libmariadbprivate~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadbprivate-debuginfo\", rpm:\"libmariadbprivate-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19\", rpm:\"libmysqld19~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld19-debuginfo\", rpm:\"libmysqld19-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-connector-c-debugsource\", rpm:\"mariadb-connector-c-debugsource~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-galera\", rpm:\"mariadb-galera~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.2.25~lp150.2.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit\", rpm:\"libmariadb3-32bit~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmariadb3-32bit-debuginfo\", rpm:\"libmariadb3-32bit-debuginfo~3.1.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2683", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-1559"], "description": "Oracle MySQL is prone to 
multiple vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142403", "type": "openvas", "title": "Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142403\");\n script_version(\"2019-05-13T13:15:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 13:15:15 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 11:10:56 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2019-1559\", \"CVE-2019-2683\", \"CVE-2019-2627\", \"CVE-2019-2614\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.6.44, 5.7.26, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"5.6.44\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.6.44\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.25\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.26\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = 
report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2683", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-1559"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142402", "type": "openvas", "title": "Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142402\");\n script_version(\"2019-05-13T13:15:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 13:15:15 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 11:03:51 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2019-1559\", \"CVE-2019-2683\", \"CVE-2019-2627\", \"CVE-2019-2614\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL < 5.6.44, < 5.7.26, < 8.0.16 Security Update (2019-5072813) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. 
Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.6.44, 5.7.26, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"5.6.44\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.6.44\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.25\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.26\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3070", "CVE-2018-3066"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2018-07-18T00:00:00", "id": 
"OPENVAS:1361412562310813706", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813706", "type": "openvas", "title": "Oracle MySQL Security Updates-02 (jul2018-4258247) Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle MySQL Security Updates-02 (jul2018-4258247) Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813706\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-2767\", \"CVE-2018-3066\", \"CVE-2018-3058\", \"CVE-2018-3070\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-18 12:31:41 +0530 (Wed, 18 Jul 2018)\");\n script_name(\"Oracle MySQL Security Updates-02 (jul2018-4258247) Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and 
is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to errors in\n 'Server: Security: Encryption', 'Server: Options', 'MyISAM', 'Client mysqldump'\n components of application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to have an impact on confidentiality, integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.60 and earlier,\n 5.6.40 and earlier, 5.7.22 and earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from Reference link.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE) ) exit(0);\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.60\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.40\")||\n version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.22\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n 
exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3070", "CVE-2018-3066"], "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2018-07-18T00:00:00", "id": "OPENVAS:1361412562310813707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813707", "type": "openvas", "title": "Oracle MySQL Security Updates-02 (jul2018-4258247) Linux", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle MySQL Security Updates-02 (jul2018-4258247) Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813707\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-2767\", \"CVE-2018-3066\", \"CVE-2018-3058\", \"CVE-2018-3070\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-18 12:31:41 +0530 (Wed, 18 Jul 2018)\");\n script_name(\"Oracle MySQL Security Updates-02 (jul2018-4258247) Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to errors in\n 'Server: Security: Encryption', 'Server: Options', 'MyISAM', 'Client mysqldump'\n components of application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to have an impact on confidentiality, integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.60 and earlier,\n 5.6.40 and earlier, 5.7.22 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from Reference link.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE) ) exit(0);\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.60\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.40\")||\n version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.22\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "cve": [{"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-18T13:29:00", "title": "CVE-2018-3063", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3063"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:mysql:5.5.60", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-3063", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3063", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.60:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2018-07-18T13:29:00", "title": "CVE-2018-3058", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3058"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.22", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:mysql:5.6.40", "cpe:/a:oracle:mysql:5.5.60", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-3058", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3058", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.40:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.22:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.60:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 13, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2614", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2614"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.25", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:oracle:mysql:5.6.43", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2019-2614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2614", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.7.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.43:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).", "edition": 8, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 3.3, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2018-07-18T13:29:00", "title": "CVE-2018-3066", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3066"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.22", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:mysql:5.6.40", "cpe:/a:oracle:mysql:5.5.60", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-3066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3066", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.40:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.22:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.60:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:42", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 10, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-17T01:31:00", "title": "CVE-2018-3282", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3282"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/a:oracle:mysql:5.7.23", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql:8.0.12", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:oracle:mysql:5.5.61", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:mysql:5.6.41", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": 
"CVE-2018-3282", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3282", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.61:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.41:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 12, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2627", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2627"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.25", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:oracle:mysql:5.6.43", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2019-2627", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2627", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.7.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.43:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 12, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-16T19:30:00", "title": "CVE-2019-2529", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2529"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", 
"cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/a:oracle:mysql:5.7.24", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:oracle:mysql:8.0.13", "cpe:/a:netapp:snapcenter:-", "cpe:/a:netapp:storage_automation_store:-", "cpe:/a:oracle:mysql:5.6.42"], "id": "CVE-2019-2529", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2529", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe:2.3:a:oracle:mysql:5.6.42:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.24:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).", "edition": 10, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-01-16T19:30:00", "title": "CVE-2019-2503", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.8, "vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2503"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:5.7.24", "cpe:/a:oracle:mysql:8.0.13", "cpe:/a:oracle:mysql:5.6.42"], "id": "CVE-2019-2503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2503", "cvss": {"score": 3.8, "vector": "AV:A/AC:M/Au:S/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.42:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.24:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).", "edition": 9, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 5.0, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2018-07-18T13:29:00", "title": "CVE-2018-3081", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3081"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:mysql:5.7.22", "cpe:/a:oracle:mysql:8.0.11", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:snapcenter:-", 
"cpe:/a:oracle:mysql:5.6.40", "cpe:/a:oracle:mysql:5.5.60", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-3081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3081", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.6.40:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.22:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.60:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:36:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2767", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3063", "CVE-2018-3066"], "description": "USN-3725-1 fixed several vulnerabilities in MySQL. 
This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.61 in Ubuntu 12.04 ESM.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html> \n<http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html>", "edition": 6, "modified": "2018-07-30T00:00:00", "published": "2018-07-30T00:00:00", "id": "USN-3725-2", "href": "https://ubuntu.com/security/notices/USN-3725-2", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-07-02T11:41:52", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "description": "USN-3957-1 fixed multiple vulnerabilities in MySQL. 
This update provides the \ncorresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1.\n\nUbuntu 18.04 LTS has been updated to MariaDB 10.1.40.\n\nIn addition to security fixes, the updated package contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://mariadb.com/kb/en/library/mariadb-10140-changelog/> \n<https://mariadb.com/kb/en/library/mariadb-10140-release-notes/>\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have \nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html> \n<https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html>", "edition": 2, "modified": "2019-06-05T00:00:00", "published": "2019-06-05T00:00:00", "id": "USN-3957-3", "href": "https://ubuntu.com/security/notices/USN-3957-3", "title": "MariaDB vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:40:51", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2627"], "description": "USN-3957-1 fixed multiple vulnerabilities in MySQL. 
This update provides the \ncorresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 5.5.\n\nUbuntu 14.04 LTS has been updated to MariaDB 5.5.64.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://mariadb.com/kb/en/library/mariadb-5564-changelog/> \n<https://mariadb.com/kb/en/library/mariadb-5564-release-notes/>\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have \nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html> \n<https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html>", "edition": 4, "modified": "2019-05-23T00:00:00", "published": "2019-05-23T00:00:00", "id": "USN-3957-2", "href": "https://ubuntu.com/security/notices/USN-3957-2", "title": "MariaDB vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3061", "CVE-2018-3065", "CVE-2018-2767", "CVE-2018-3062", "CVE-2018-3060", "CVE-2018-3071", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3077", "CVE-2018-3054", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066", "CVE-2018-3056"], "description": "Multiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. 
Ubuntu 16.04 LTS and \nUbuntu 18.04 LTS have been updated to MySQL 5.7.23.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html> \n<http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html>", "edition": 5, "modified": "2018-07-30T00:00:00", "published": "2018-07-30T00:00:00", "id": "USN-3725-1", "href": "https://ubuntu.com/security/notices/USN-3725-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-07-02T11:41:36", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2592", "CVE-2019-2683", "CVE-2019-2614", "CVE-2019-2566", "CVE-2019-2581", "CVE-2019-2632", "CVE-2019-2628", "CVE-2019-2627"], "description": "Multiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have \nbeen updated to MySQL 5.7.26.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html> \n<https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html>", "edition": 3, "modified": "2019-04-29T00:00:00", "published": "2019-04-29T00:00:00", "id": "USN-3957-1", "href": "https://ubuntu.com/security/notices/USN-3957-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-08-12T01:09:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3174", "CVE-2018-3282", "CVE-2018-3133", "CVE-2018-2767", "CVE-2018-3058", 
"CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3063", "CVE-2018-3066"], "description": "Package : mysql-5.5\nVersion : 5.5.62-0+deb8u1\nCVE ID : CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 \n CVE-2018-3070 CVE-2018-3081 CVE-2018-3133 CVE-2018-3174 \n CVE-2018-3282\n\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.62, which includes additional changes. Please see the MySQL\n5.5 Release Notes and Oracle's Critical Patch Update advisory for\nfurther details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n5.5.62-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2018-11-05T18:06:49", "published": "2018-11-05T18:06:49", "id": "DEBIAN:DLA-1566-1:59CB5", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00004.html", "title": "[SECURITY] [DLA 1566-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-08-12T01:02:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3058", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066"], "description": "Package : mariadb-10.0\nVersion : 10.0.36-0+deb8u1\nCVE ID : CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066\nDebian Bug : 904121\n\nSeveral issues have been discovered in the MariaDB database server. 
The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.36. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10036-release-notes/\n\nCVE-2018-3058\n\n Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of MySQL Server accessible data.\n\nCVE-2018-3063\n\n Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS)\n of MySQL Server.\n\nCVE-2018-3064\n\n Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS)\n of MySQL Server as well as unauthorized update, insert or delete access\n to some of MySQL Server accessible data.\n\nCVE-2018-3066\n\n Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of MySQL Server accessible data\n as well as unauthorized read access to a subset of MySQL Server\n accessible data.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n10.0.36-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", 
"edition": 8, "modified": "2018-08-31T22:01:43", "published": "2018-08-31T22:01:43", "id": "DEBIAN:DLA-1488-1:30CC3", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201808/msg00036.html", "title": "[SECURITY] [DLA 1488-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2019-08-15T16:32:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "description": "This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n - CVE-2019-2628: Fixed a remote denial of service by an privileged\n attacker (bsc#1136035).\n - CVE-2019-2627: Fixed another remote denial of service by an privileged\n attacker (bsc#1136035).\n - CVE-2019-2614: Fixed a potential remote denial of service by an\n privileged attacker (bsc#1136035).\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-08-15T15:13:15", "published": "2019-08-15T15:13:15", "id": "OPENSUSE-SU-2019:1913-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html", "title": "Security update for mariadb, mariadb-connector-c (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-08-15T16:32:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2614", "CVE-2019-2628", "CVE-2019-2627"], "description": "This update for mariadb and mariadb-connector-c fixes the following issues:\n\n mariadb:\n\n - Update to version 10.2.25 (bsc#1136035)\n - CVE-2019-2628: Fixed a remote denial of service by an 
privileged\n attacker (bsc#1136035).\n - CVE-2019-2627: Fixed another remote denial of service by an privileged\n attacker (bsc#1136035).\n - CVE-2019-2614: Fixed a potential remote denial of service by an\n privileged attacker (bsc#1136035).\n - Fixed reading options for multiple instances if my${INSTANCE}.cnf is\n used (bsc#1132666)\n\n mariadb-connector-c:\n\n - Update to version 3.1.2 (bsc#1136035)\n - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for\n x86_64 (bsc#1126088)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-08-15T15:11:27", "published": "2019-08-15T15:11:27", "id": "OPENSUSE-SU-2019:1915-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html", "title": "Security update for mariadb, mariadb-connector-c (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2018-08-10T04:48:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2767", "CVE-2018-0739", "CVE-2018-3062", "CVE-2018-3058", "CVE-2018-3081", "CVE-2018-3070", "CVE-2018-3064", "CVE-2018-3066"], "description": "This update for mysql-community-server to version 5.6.41 fixes the\n following issues:\n\n Security vulnerabilities fixed:\n\n - CVE-2018-3064: Fixed an easily exploitable vulnerability that allowed a\n low privileged attacker with network access via multiple protocols to\n compromise the MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server as well as unauthorized\n update, insert or delete access to some of MySQL Server accessible data.\n (bsc#1103342)\n\n - CVE-2018-3070: Fixed an easily exploitable vulnerability that allowed a\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (bsc#1101679)\n\n - CVE-2018-0739: Fixed a stack exhaustion in case of recursively\n constructed ASN.1 types. (boo#1087102)\n\n - CVE-2018-3062: Fixed a difficult to exploit vulnerability that allowed\n low privileged attacker with network access via memcached to compromise\n MySQL Server. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently repeatable crash\n (complete DOS) of MySQL Server. (bsc#1103344)\n\n - CVE-2018-3081: Fixed a difficult to exploit vulnerability that allowed\n high privileged attacker with network access via multiple protocols to\n compromise MySQL Client. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Client as well as unauthorized update,\n insert or delete access to some of MySQL Client accessible data.\n (bsc#1101680)\n\n - CVE-2018-3058: Fixed an easily exploitable vulnerability that allowed\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized update, insert or delete access to some of MySQL\n Server accessible data. (bsc#1101676)\n\n - CVE-2018-3066: Fixed a difficult to exploit vulnerability allowed high\n privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can\n result in unauthorized update, insert or delete access to some of MySQL\n Server accessible data as well as unauthorized read access to a subset\n of MySQL Server accessible data. (bsc#1101678)\n\n - CVE-2018-2767: Fixed a difficult to exploit vulnerability that allowed\n low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of MySQL Server\n accessible data. (boo#1088681)\n\n You can find more detailed information about this update in the [release\n notes](<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-41.html</a>)\n\n", "edition": 1, "modified": "2018-08-10T03:13:38", "published": "2018-08-10T03:13:38", "id": "OPENSUSE-SU-2018:2293-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00039.html", "title": "Security update for mysql-community-server (moderate)", "type": "suse", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-14T04:10:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3174", "CVE-2018-3282", "CVE-2018-3173", "CVE-2018-3156", "CVE-2018-3251", "CVE-2019-2537", "CVE-2019-2510", "CVE-2018-3284", "CVE-2018-3162", "CVE-2018-3060", "CVE-2018-3058", "CVE-2018-3143", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3185", "CVE-2018-3063", "CVE-2018-3200", "CVE-2018-3064", "CVE-2018-3066"], "description": "This update for mariadb to version 10.2.22 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise\n and lead to Denial of Service (bsc#1122198).\n - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise\n and lead to Denial of Service (bsc#1122198).\n - CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112377)\n - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct\n 2018) (bsc#1112432)\n - CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112391)\n - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112397)\n - CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112404)\n - 
CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112384)\n - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018)\n (bsc#1112368)\n - CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112386)\n - CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112415)\n - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112417)\n - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018)\n (bsc#1112421)\n - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component\n of Oracle MySQL (subcomponent Server Options). (bsc#1101678)\n - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018)\n (bsc#1103342)\n - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component\n of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677)\n - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component\n of Oracle MySQL (subcomponent MyISAM). 
(bsc#1101676)\n - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)\n\n Non-security issues fixed:\n\n - Fixed an issue where mysl_install_db fails due to incorrect basedir\n (bsc#1127027).\n - Fixed an issue where the lograte was not working (bsc#1112767).\n - Backport Information Schema CHECK_CONSTRAINTS Table.\n - Maximum value of table_definition_cache is now 2097152.\n - InnoDB ALTER TABLE fixes.\n - Galera crash recovery fixes.\n - Encryption fixes.\n - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so\n xtrabackup is not needed (bsc#1122475).\n - Maria DB testsuite - test main.plugin_auth failed (bsc#1111859)\n - Maria DB testsuite - test encryption.second_plugin-12863 failed\n (bsc#1111858)\n - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754)\n - remove PerconaFT from the package as it has AGPL licence (bsc#1118754)\n - Database corruption after renaming a prefix-indexed column (bsc#1120041)\n\n\n Release notes and changelog:\n\n - <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/library/mariadb-10222-release-notes\">https://mariadb.com/kb/en/library/mariadb-10222-release-notes</a>\n - <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/library/mariadb-10222-changelog/\">https://mariadb.com/kb/en/library/mariadb-10222-changelog/</a>\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-03-14T00:10:19", "published": "2019-03-14T00:10:19", "id": "OPENSUSE-SU-2019:0327-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00021.html", "title": "Security update for mariadb (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2020-04-06T22:40:52", "bulletinFamily": "software", "cvelist": ["CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2614", "CVE-2019-2596", "CVE-2019-2607"], "description": "\nF5 Product Development has evaluated the 
currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-25T06:39:00", "published": "2019-04-25T06:39:00", "id": "F5:K52514501", "href": "https://support.f5.com/csp/article/K52514501", "title": "MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:39:28", "bulletinFamily": "software", "cvelist": ["CVE-2018-3285", "CVE-2018-3282", "CVE-2018-3284", "CVE-2018-3283", "CVE-2018-3286"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-11-16T19:01:00", 
"published": "2018-11-16T19:01:00", "id": "F5:K50148721", "href": "https://support.f5.com/csp/article/K50148721", "title": "MySQL vulnerabilities CVE-2018-3282, CVE-2018-3283, CVE-2018-3284, CVE-2018-3285, and CVE-2018-3286", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:39:58", "bulletinFamily": "software", "cvelist": ["CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2628", "CVE-2019-2627"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-25T06:47:00", "published": "2019-04-25T06:46:00", "id": "F5:K32798641", "href": "https://support.f5.com/csp/article/K32798641", "title": "MySQL vulnerabilities CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, and CVE-2019-2632", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:53", "bulletinFamily": "software", "cvelist": ["CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2531", "CVE-2019-2534", "CVE-2019-2533"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory 
versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-02-16T00:49:00", "published": "2019-02-16T00:49:00", "id": "F5:K21238552", "href": "https://support.f5.com/csp/article/K21238552", "title": "MySQL vulnerabilities CVE-2019-2529, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, and CVE-2019-2534", "type": "f5", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-04-06T22:39:52", "bulletinFamily": "software", "cvelist": ["CVE-2019-2528", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2507", "CVE-2019-2503"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-02-15T19:19:00", "published": "2019-02-15T19:19:00", "id": "F5:K04265252", "href": "https://support.f5.com/csp/article/K04265252", "title": "MySQL vulnerabilities CVE-2019-2502, 
CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, and CVE-2019-2528", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2510", "CVE-2019-2537", "CVE-2019-2614", "CVE-2019-2627", "CVE-2019-2628"], "description": "MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2019-08-15T18:10:30", "published": "2019-08-15T18:10:30", "id": "FEDORA:623C360E8D66", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: mariadb-10.3.17-1.fc30", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}]}