Advisory ROSA-SA-2023-2251

2023-10-21 14:46:06
ROSA LAB
abf.rosalinux.ru
CVSS3: 7.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score: 6.3 Medium (Confidence: Low)

CVSS2: 5.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

EPSS: 0.002 Low (Percentile: 52.4%)

software: mariadb 10.5.20
OS: ROSA-CHROME

package_evr_string: mariadb-10.5.20-1.src.rpm

CVE-ID: CVE-2018-2813
BDU-ID: 2019-03456
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: DDL component of the MySQL Server database management system is related to a lack of service data protection. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2817
BDU-ID: 2019-03457
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: DDL component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-2819
BDU-ID: 2019-03458
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to incorrect resource release. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3058
BDU-ID: 2020-00682
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the MyISAM component of the Oracle MySQL database management system is related to a flaw in the access control mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3060
BDU-ID: 2020-04694
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to create, delete, or modify access to critical data or all data available to MySQL Server or cause a denial of service via network packets
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3063
BDU-ID: 2020-00683
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server:Security:Privileges component of the Oracle MySQL database management system is related to a flaw in the access control mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3064
BDU-ID: 2018-00966
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected data, cause a denial of service using the MySQL Protocol network protocol
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3066
BDU-ID: 2019-01627
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in an Oracle MySQL server component is related to user access control errors. Exploitation of the vulnerability allows an attacker acting remotely to gain unauthorized access to server functionality and data
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3081
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A difficult-to-exploit vulnerability allows an attacker with high privileges and network access through multiple protocols to compromise a MySQL client. Successful attacks against this vulnerability could result in an unauthorized ability to cause the MySQL client to hang or crash frequently (full DOS), as well as unauthorized update, insertion, or removal of access to some available MySQL client data.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3133
BDU-ID: 2019-00469
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: Parser component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to cause the application to hang or crash using specially crafted network packets
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3143
BDU-ID: 2019-00471
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to cause the application to hang or crash using specially crafted network packets
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3156
BDU-ID: 2019-00473
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to cause the application to hang or crash using specially crafted network packets
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3162
BDU-ID: 2019-00650
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL database management system is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3173
BDU-ID: 2019-00652
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL database management system is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3174
BDU-ID: 2019-00619
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Client programs component of the Oracle MySQL Server database management system is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3185
BDU-ID: 2019-00596
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL database management system is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to change file permissions or cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3200
BDU-ID: 2019-00654
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL database management system is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3251
BDU-ID: 2019-00590
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL database management system is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3277
BDU-ID: 2019-00658
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the Oracle MySQL database management system is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2018-3282
BDU-ID: 2019-00662
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Server: Storage Engines component of the Oracle MySQL database management system is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

OS      Version   Architecture   Package   Version      Filename
ROSA    any       noarch         mariadb   < 10.5.20    UNKNOWN
