Lucene search

ROSA LABROSA-SA-2021-1914

HistoryJul 02, 2021 - 5:27 p.m.

Advisory ROSA-SA-2021-1914

2021-07-0217:27:51

ROSA LAB

abf.rosalinux.ru

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

74.4%

JSON

Software: mariadb 5.5.68
OS: Cobalt 7.9

CVE-ID: CVE-2016-3492
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors associated with Server: Optimizer.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3495
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors associated with Server: InnoDB.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2016-5609
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via DML-related vectors.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5625
CVE-Crit: HIGH
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors associated with Server: Packaging.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5628
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via server-related vectors: DML.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5631
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors associated with Server: Memcached.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5632
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors associated with Server: Optimizer.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2016-5633
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors associated with Server: Performance Schema, a vulnerability other than CVE-2016-8290.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5634
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via RBR-related vectors.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5635
CVE-Crit: MEDIUM
CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors associated with Server: Security: Audit.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-15365
CVE-Crit: HIGH
CVE-DESC: sql / event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authentication users with SQL access can bypass intended access restrictions and replicate Data Definition Language (DDL) statements to cluster nodes using incorrect DDL replication order and ACL validation.
CVE-STATUS: Default
CVE-REV: Default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchmariadb< 5.5.68UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Cobalt	any	noarch	mariadb	< 5.5.68	UNKNOWN

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for ROSA-SA-2021-1914