ID CVE-2016-9843
Summary The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
References
Vulnerable Configurations
  • GNU zlib 1.2.8
    cpe:2.3:a:gnu:zlib:1.2.8
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • openSUSE Leap 42.2
    cpe:2.3:o:opensuse:leap:42.2
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-189
CAPEC
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_13.NASL
    description The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 103598
    published 2017-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103598
    title macOS < 10.13 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1221.NASL
    description An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100118
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100118
    title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1386-1.NASL
    description This update for java-1_8_0-ibm fixes the following issues: Version update bsc#1038505 : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100377
    published 2017-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100377
    title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1385-1.NASL
    description This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100376
    published 2017-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100376
    title SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1385-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1444-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100540
    published 2017-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100540
    title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1444-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-14.NASL
    description This update for java-1_7_0-openjdk fixes the following issues : Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes : - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 105714
    published 2018-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105714
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0005-1.NASL
    description This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes : - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105538
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105538
    title SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3453.NASL
    description An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) For details on how to apply this update, which includes the changes described in this advisory, refer to : https://access.redhat.com/articles/11258 For this update to take effect, Red Hat Satellite must be restarted ('/usr/sbin/rhn-satellite restart'). All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105267
    published 2017-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105267
    title RHEL 6 : Satellite Server (RHSA-2017:3453)
  • NASL family Web Servers
    NASL id IBM_TEM_9_2_11_19.NASL
    description According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.1.x prior to 9.1.1328.0 or 9.2.x prior to 9.2.11.19. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds pointer arithmetic error exists in zlib within file inftrees.c. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9840) - An out-of-bounds pointer arithmetic error exists in zlib within file inffast.c. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9841) - A flaw exists in zlib in the z_streamp() function within file inflate.c that is related to left shifts of negative numbers. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9842) - An out-of-bounds pointer flaw exists in the crc32_big() function within file crc32.c when handling big-endian pointer calculations. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9843) - A cross-site scripting (XSS) vulnerability exists in the web-based user interface due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-1203) - An XML external entity (XXE) injection flaw exists when parsing XML data due to an incorrectly configured XML parser accepting XML external entities from untrusted sources. An authenticated, remote attacker can exploit this, via specially crafted XML data, to disclose sensitive information or cause a denial of service condition. (CVE-2017-1219) IBM BigFix Platform was formerly known as Tivoli Endpoint Manager, IBM Endpoint Manager, and IBM BigFix Endpoint Manager. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-13
    plugin id 102019
    published 2017-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102019
    title IBM BigFix Platform 9.1.x < 9.1.1328.0 / 9.2.x < 9.2.11.19 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1389-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.45 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119998
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119998
    title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1389-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0003-1.NASL
    description This update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) Incompatible declarations for external linkage function deflate (bsc#1003577) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96265
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96265
    title SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0003-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1499.NASL
    description This update for zlib fixes the following issues : - Remove incompatible declarations of 'struct internal_state' (boo#1003577) - Avoid out-of-bounds pointer arithmetic in inftrees.c (boo#1003579, CVE-2016-9840, CVE-2016-9841) - Avoid left-shift with negative number (boo#1003580, CVE-2016-9842) - Avoid undefined behaviour in pointer arithmetic on powerpc (boo#1013882, CVE-2016-9843)
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 95975
    published 2016-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95975
    title openSUSE Security Update : zlib (openSUSE-2016-1499)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1384-1.NASL
    description This update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100375
    published 2017-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100375
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-47.NASL
    description This update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) - Incompatible declarations for external linkage function deflate (bsc#1003577) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 96377
    published 2017-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96377
    title openSUSE Security Update : zlib (openSUSE-2017-47)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-46.NASL
    description This update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) - Incompatible declarations for external linkage function deflate (bsc#1003577) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 96376
    published 2017-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96376
    title openSUSE Security Update : zlib (openSUSE-2017-46)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4211-1.NASL
    description This update for mariadb fixes the following issues : Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed : CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency) Release notes and changelog: https://kb.askmonty.org/en/mariadb-10037-release-notes https://kb.askmonty.org/en/mariadb-10037-changelog https://kb.askmonty.org/en/mariadb-10036-release-notes https://kb.askmonty.org/en/mariadb-10036-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 119869
    published 2018-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119869
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:4211-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1387-1.NASL
    description This update for java-1_7_1-ibm fixes the following issues: Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100378
    published 2017-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100378
    title SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1387-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0004-1.NASL
    description This update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) Incompatible declarations for external linkage function deflate (bsc#1003577) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96266
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96266
    title SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0004-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1220.NASL
    description An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100117
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100117
    title RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:1220)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2989-1.NASL
    description This update for java-1_8_0-openjdk fixes the following issues : - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed : - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes : - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 104531
    published 2017-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104531
    title SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0021.NASL
    description An update of [zlib,bindutils,ruby,krb5,sudo] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111870
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111870
    title Photon OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated)
  • NASL family Databases
    NASL id MARIADB_10_0_37.NASL
    description The version of MariaDB running of remote host is 10.0.0 prior to 10.0.37. It is, therefore, affected by multiple vulnerabilities
    last seen 2019-02-21
    modified 2019-01-16
    plugin id 121191
    published 2019-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121191
    title MariaDB 10.0.0 < 10.0.37 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MARIADB_10_2_19.NASL
    description The version of MariaDB running of remote host is 10.2.0 prior to 10.2.19. It is, therefore, affected by multiple vulnerabilities
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121394
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121394
    title MariaDB 10.2.0 < 10.2.19 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1222.NASL
    description An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP45. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100119
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100119
    title RHEL 6 : java-1.6.0-ibm (RHSA-2017:1222)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-56.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-56 (zlib: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 96691
    published 2017-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96691
    title GLSA-201701-56 : zlib: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3209-1.NASL
    description This update for zlib fixes the following issues : - Incompatible declarations for external linkage function deflate (bnc#1003577) - CVE-2016-9842: Undefined Left Shift of Negative Number (bnc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bnc#1003579) - CVE-2016-9843: Big-endian out-of-bounds pointer Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96077
    published 2016-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96077
    title SUSE SLES11 Security Update : zlib (SUSE-SU-2016:3209-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0119-1.NASL
    description This update for mariadb to version 10.2.19 fixes the following issues: (bsc#1116686) Security issues fixed : CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156, CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162, CVE-2018-3173, CVE-2018-3200, CVE-2018-3284: Fixed multiple denial of service vulnerabilities (bsc#1112432, bsc#1112368, bsc#1112421, bsc#1112417, bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386, bsc#1112404, bsc#1112377, bsc#1112384) Non-security issues fixed: Fixed database corruption after renaming a prefix-indexed column (bsc#1120041) Remove PerconaFT from the package as it has a AGPL license (bsc#1118754) Enable testing for client plugins (bsc#1111859) Improve test coverage by keeping debug_key_management.so (bsc#1111858) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 121294
    published 2019-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121294
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2019:0119-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2999.NASL
    description An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104116
    published 2017-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104116
    title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999)
  • NASL family Databases
    NASL id MYSQL_5_5_62.NASL
    description The version of MySQL running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118233
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118233
    title MySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-242F6C1A41.NASL
    description **MariaDB 10.3.11** Release notes : https://mariadb.com/kb/en/mariadb-10311-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120294
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120294
    title Fedora 29 : 3:mariadb (2018-242f6c1a41)
  • NASL family Databases
    NASL id MYSQL_8_0_13.NASL
    description The version of MySQL running on the remote host is 8.0.x prior to 8.0.13. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118236
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118236
    title MySQL 8.0.x < 8.0.13 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-309-01.NASL
    description New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
    last seen 2019-02-21
    modified 2018-11-06
    plugin id 118746
    published 2018-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118746
    title Slackware 14.1 / 14.2 / current : mariadb (SSA:2018-309-01)
  • NASL family Databases
    NASL id MYSQL_5_6_42.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.42. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118234
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118234
    title MySQL 5.6.x < 5.6.42 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1115.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3251) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3156) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3143) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3247) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3278)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119474
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119474
    title Amazon Linux AMI : mysql56 (ALAS-2018-1115)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EC5072B0D43A11E8A6D2B499BAEBFEAF.NASL
    description Oracle reports : Please reference CVE/URL list for details
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 118248
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118248
    title FreeBSD : MySQL -- multiple vulnerabilities (ec5072b0-d43a-11e8-a6d2-b499baebfeaf)
  • NASL family Databases
    NASL id MYSQL_5_7_24.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.24 It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118235
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118235
    title MySQL 5.7.x < 5.7.24 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Databases
    NASL id MARIADB_5_5_62.NASL
    description The version of MariaDB running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple denial of service vulnerabilities. - A denial of service vulnerability exists in the crc32_big() function within file crc32.c due to an out-of bounds pointer flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause the application to stop responding. (CVE-2016-9843) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Client programs). An authenticated, local attacker can exploit this issue, to cause MySQL Server to stop responding. (CVE-2018-3174) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Storage Engines). An authenticated, remote attacker can exploit this issue, to cause MySQL Server to stop responding. (CVE-2018-3282) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Connection Handling). An authenticated, adjacent attacker can exploit this, to cause MySQL Server to stop responding. (CVE-2019-2503) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 122258
    published 2019-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122258
    title MariaDB 5.5.x < 5.5.62 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3972-1.NASL
    description This update for mariadb fixes the following issues : Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed : CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Release notes and changelog: https://kb.askmonty.org/en/mariadb-10037-release-notes https://kb.askmonty.org/en/mariadb-10037-changelog https://kb.askmonty.org/en/mariadb-10036-release-notes https://kb.askmonty.org/en/mariadb-10036-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119452
    published 2018-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119452
    title SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:3972-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0021_ZLIB.NASL
    description An update of the zlib package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121704
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121704
    title Photon OS 1.0: Zlib PHSA-2017-0021
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1114.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3155) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3284) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3161) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3143) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3251) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3247) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3171) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3144) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3173) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3278) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3283) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3156) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3162) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3277) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3277) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3185) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3187)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119473
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119473
    title Amazon Linux AMI : mysql57 (ALAS-2018-1114)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3046.NASL
    description An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 7. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104139
    published 2017-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104139
    title RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_APR2017_ADVISORY.NASL
    description The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - Multiple vulnerabilities exist in the zlib subcomponent that allow an unauthenticated, remote attacker to trigger denial of service conditions. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) - An unspecified flaw exists in the XML subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-1289) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3509) - An unspecified flaw exists in the JCE subcomponent that allows a local attacker to gain elevated privileges. This vulnerability does not affect Java SE version 6. (CVE-2017-3511) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. This vulnerability does not affect Java SE version 6. (CVE-2017-3512) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3514) - Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3533, CVE-2017-3544) - An unspecified flaw exists in the Security subcomponent that allows an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3539)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 103189
    published 2017-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103189
    title AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1284.NASL
    description MySQL Community Server was updated to 5.6.42, fixing bugs and security issues : Changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-42.html Fixed CVEs : - CVE-2016-9843 [boo#1013882], CVE-2018-3143 [boo#1112421], - CVE-2018-3156 [boo#1112417], CVE-2018-3251 [boo#1112397], - CVE-2018-3133 [boo#1112369], CVE-2018-3247 [boo#1112398], - CVE-2018-3174 [boo#1112368], CVE-2018-3276 [boo#1112393], - CVE-2018-3278 [boo#1112390], CVE-2018-3282 [boo#1112432],
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 118452
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118452
    title openSUSE Security Update : mysql-community-server (openSUSE-2018-1284)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1269.NASL
    description This update for java-1_8_0-openjdk fixes the following issues : - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed : - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes : - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 104527
    published 2017-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104527
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-1269)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-55B875C1AC.NASL
    description **MariaDB 10.2.19** Release notes : https://mariadb.com/kb/en/library/mariadb-10219-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120436
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120436
    title Fedora 28 : 3:mariadb (2018-55b875c1ac)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3542-1.NASL
    description MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes : http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed : CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118499
    published 2018-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118499
    title SUSE SLES11 Security Update : mysql (SUSE-SU-2018:3542-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-192148F4FF.NASL
    description **MariaDB 10.2.19** Release notes : https://mariadb.com/kb/en/library/mariadb-10219-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Aditional notes : As per the upstream MariaDB Deprecation Policy, this will be the last release of MariaDB 10.2 supporting Fedora 27 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119154
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119154
    title Fedora 27 : 3:mariadb (2018-192148f4ff)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3047.NASL
    description An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 171. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 6. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104140
    published 2017-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104140
    title RHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:3047)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1116.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119475
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119475
    title Amazon Linux AMI : mysql55 (ALAS-2018-1116)
redhat via4
advisories
  • rhsa
    id RHSA-2017:1220
  • rhsa
    id RHSA-2017:1221
  • rhsa
    id RHSA-2017:1222
  • rhsa
    id RHSA-2017:2999
  • rhsa
    id RHSA-2017:3046
  • rhsa
    id RHSA-2017:3047
  • rhsa
    id RHSA-2017:3453
refmap via4
bid 95131
confirm
gentoo GLSA-201701-56
misc
mlist
  • [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
  • [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
sectrack
  • 1039427
  • 1041888
suse
  • openSUSE-SU-2016:3202
  • openSUSE-SU-2017:0077
  • openSUSE-SU-2017:0080
Last major update 23-05-2017 - 00:29
Published 23-05-2017 - 00:29
Last modified 24-03-2019 - 20:29
Back to Top