Advisory ROSA-SA-2023-2250

2023-10-21 13:39:47
ROSA LAB
abf.rosalinux.ru
Tags: rosa-sa-2023-2250, mariadb, mysql, security, vulnerabilities, denial of service, access control, buffer boundaries, memory, remote attacker

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.003 Low (Percentile: 70.5%)

software: mariadb 10.5.20
OS: ROSA-CHROME

package_evr_string: mariadb-10.5.20-1.src.rpm

CVE-ID: CVE-2018-25032
BDU-ID: 2022-01641
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted data to the application.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2562
BDU-ID: 2018-00342
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Server: Partition component of the MySQL database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to gain privileges to modify, add, or delete data or cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2612
BDU-ID: 2018-00341
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL database management system is related to access control weaknesses. Exploitation of the vulnerability could allow a remote attacker to gain privileges to create, delete, and modify MySQL data or cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2622
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Affected supported versions: 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. The easily exploitable vulnerability allows a low-privileged attacker with network access through multiple protocols to compromise MySQL Server.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2640
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Affected supported versions are 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. This easily exploitable vulnerability allows a low-privileged attacker with network access through multiple protocols to compromise MySQL Server. Successful attacks against this vulnerability can result in an unauthorized ability to cause MySQL Server to hang or crash frequently (complete DoS).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2665
BDU-ID: 2019-04693
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: Optimizer component of the Oracle MySQL database management system is related to an access control flaw. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL network protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2668
BDU-ID: 2019-04692
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: Optimizer component of the Oracle MySQL database management system is related to an access control flaw. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL network protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2755
BDU-ID: 2019-03538
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: Replication component of the Oracle MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to the device using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2759
BDU-ID: 2019-03539
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2761
BDU-ID: 2019-03540
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Client programs component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2766
BDU-ID: 2019-03541
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2767
BDU-ID: 2020-00681
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the Server: Security: Encryption component of the Oracle MySQL database management system is related to a lack of service data protection. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to sensitive data.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2771
BDU-ID: 2019-03542
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: Locking component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2777
BDU-ID: 2019-03543
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2781
BDU-ID: 2019-03544
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: Optimizer component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2782
BDU-ID: 2019-03545
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2784
BDU-ID: 2019-03546
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using the MySQL protocol.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2786
BDU-ID: 2019-03453
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow a remote attacker to gain access to modify, add, or delete data, or to cause hangs or a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2787
BDU-ID: 2019-03454
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow a remote attacker to gain access to modify, add, or delete data, or to cause hangs or a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2810
BDU-ID: 2019-03455
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

OS    Version  Architecture  Package  Version    Filename
ROSA  any      noarch        mariadb  < 10.5.20  UNKNOWN
