ROSA LABROSA-SA-2023-2250Advisory ROSA-SA-2023-2250
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
0.003 Low
EPSS
Percentile
68.1%
software: mariadb 10.5.20
OS: ROSA-CHROME
package_evr_string: mariadb-10.5.20-1.src.rpm
CVE-ID: CVE-2018-25032
BDU-ID: 2022-01641
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending specially generated data to the application
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2562
BDU-ID: 2018-00342
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Server:Partition component of the MySQL database management system is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to gain privileges to modify, add, or delete data or cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2612
BDU-ID: 2018-00341
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain privileges to create, delete, and modify MySQL data or cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update mariadb
CVE-ID: CVE-2018-2622
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Affected supported versions: 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. The easily exploitable vulnerability allows a low-privileged attacker with network access through multiple protocols to compromise MySQL Server.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2640
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Affected supported versions are 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. This easily exploitable vulnerability allows a low-privilege attacker with network access through multiple protocols to compromise MySQL Server. Successful attacks against this vulnerability can lead to an unauthorized opportunity to cause MySQL Server to hang or crash frequently (full DOS).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2665
BDU-ID: 2019-04693
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Server:Optimizer component of the Oracle MySQL database management system is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL network protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2668
BDU-ID: 2019-04692
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Server:Optimizer component of the Oracle MySQL database management system is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL network protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2755
BDU-ID: 2019-03538
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Server: Replication component of the Oracle MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to the device using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2759
BDU-ID: 2019-03539
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL ServerL database management system is related to access delimitation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2761
BDU-ID: 2019-03540
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Client programs component of the Oracle MySQL Server database management system is related to access delimitation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2766
BDU-ID: 2019-03541
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to access delimitation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2767
BDU-ID: 2020-00681
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the Server:Security:Encryption component of the Oracle MySQL database management system is related to a lack of service data protection. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to sensitive data
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2771
BDU-ID: 2019-03542
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Server: Locking component of the Oracle MySQL Server database management system is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2777
BDU-ID: 2019-03543
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL ServerL database management system is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2781
BDU-ID: 2019-03544
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Server: Optimizer component of the Oracle MySQL Server database management system is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2782
BDU-ID: 2019-03545
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL ServerL database management system is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2784
BDU-ID: 2019-03546
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL ServerL database management system is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using the MySQL protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2786
BDU-ID: 2019-03453
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data, cause hangs or denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2787
BDU-ID: 2019-03454
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data, cause hangs or denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb
CVE-ID: CVE-2018-2810
BDU-ID: 2019-03455
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
0.003 Low
EPSS
Percentile
68.1%