ID CVE-2018-3282
Summary Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References
Vulnerable Configurations
  • Oracle MySQL 5.5.0
    cpe:2.3:a:oracle:mysql:5.5.0
  • Oracle MySQL 5.5.1
    cpe:2.3:a:oracle:mysql:5.5.1
  • Oracle MySQL 5.5.2
    cpe:2.3:a:oracle:mysql:5.5.2
  • Oracle MySQL 5.5.3
    cpe:2.3:a:oracle:mysql:5.5.3
  • Oracle MySQL 5.5.4
    cpe:2.3:a:oracle:mysql:5.5.4
  • Oracle MySQL 5.5.5
    cpe:2.3:a:oracle:mysql:5.5.5
  • Oracle MySQL 5.5.6
    cpe:2.3:a:oracle:mysql:5.5.6
  • Oracle MySQL 5.5.7
    cpe:2.3:a:oracle:mysql:5.5.7
  • Oracle MySQL 5.5.8
    cpe:2.3:a:oracle:mysql:5.5.8
  • Oracle MySQL 5.5.9
    cpe:2.3:a:oracle:mysql:5.5.9
  • Oracle MySQL 5.5.10
    cpe:2.3:a:oracle:mysql:5.5.10
  • Oracle MySQL 5.5.11
    cpe:2.3:a:oracle:mysql:5.5.11
  • Oracle MySQL 5.5.12
    cpe:2.3:a:oracle:mysql:5.5.12
  • Oracle MySQL 5.5.13
    cpe:2.3:a:oracle:mysql:5.5.13
  • Oracle MySQL 5.5.14
    cpe:2.3:a:oracle:mysql:5.5.14
  • Oracle MySQL 5.5.15
    cpe:2.3:a:oracle:mysql:5.5.15
  • Oracle MySQL 5.5.16
    cpe:2.3:a:oracle:mysql:5.5.16
  • Oracle MySQL 5.5.17
    cpe:2.3:a:oracle:mysql:5.5.17
  • Oracle MySQL 5.5.18
    cpe:2.3:a:oracle:mysql:5.5.18
  • Oracle MySQL 5.5.19
    cpe:2.3:a:oracle:mysql:5.5.19
  • Oracle MySQL 5.5.20
    cpe:2.3:a:oracle:mysql:5.5.20
  • Oracle MySQL 5.5.21
    cpe:2.3:a:oracle:mysql:5.5.21
  • Oracle MySQL 5.5.22
    cpe:2.3:a:oracle:mysql:5.5.22
  • Oracle MySQL 5.5.23
    cpe:2.3:a:oracle:mysql:5.5.23
  • Oracle MySQL 5.5.24
    cpe:2.3:a:oracle:mysql:5.5.24
  • Oracle MySQL 5.5.25
    cpe:2.3:a:oracle:mysql:5.5.25
  • Oracle MySQL 5.5.25a
    cpe:2.3:a:oracle:mysql:5.5.25:a
  • Oracle MySQL 5.5.26
    cpe:2.3:a:oracle:mysql:5.5.26
  • Oracle MySQL 5.5.27
    cpe:2.3:a:oracle:mysql:5.5.27
  • Oracle MySQL 5.5.28
    cpe:2.3:a:oracle:mysql:5.5.28
  • Oracle MySQL 5.5.29
    cpe:2.3:a:oracle:mysql:5.5.29
  • Oracle MySQL 5.5.30
    cpe:2.3:a:oracle:mysql:5.5.30
  • Oracle MySQL 5.5.31
    cpe:2.3:a:oracle:mysql:5.5.31
  • Oracle MySQL 5.5.32
    cpe:2.3:a:oracle:mysql:5.5.32
  • Oracle MySQL 5.5.33
    cpe:2.3:a:oracle:mysql:5.5.33
  • Oracle MySQL 5.5.34
    cpe:2.3:a:oracle:mysql:5.5.34
  • Oracle MySQL 5.5.35
    cpe:2.3:a:oracle:mysql:5.5.35
  • Oracle MySQL 5.5.36
    cpe:2.3:a:oracle:mysql:5.5.36
  • Oracle MySQL 5.5.37
    cpe:2.3:a:oracle:mysql:5.5.37
  • Oracle MySQL 5.5.38
    cpe:2.3:a:oracle:mysql:5.5.38
  • Oracle MySQL 5.5.39
    cpe:2.3:a:oracle:mysql:5.5.39
  • Oracle MySQL 5.5.40
    cpe:2.3:a:oracle:mysql:5.5.40
  • Oracle MySQL 5.5.41
    cpe:2.3:a:oracle:mysql:5.5.41
  • Oracle MySQL 5.5.42
    cpe:2.3:a:oracle:mysql:5.5.42
  • Oracle MySQL 5.5.43
    cpe:2.3:a:oracle:mysql:5.5.43
  • Oracle MySQL 5.5.44
    cpe:2.3:a:oracle:mysql:5.5.44
  • Oracle MySQL 5.5.45
    cpe:2.3:a:oracle:mysql:5.5.45
  • Oracle MySQL 5.5.46
    cpe:2.3:a:oracle:mysql:5.5.46
  • Oracle MySQL 5.5.47
    cpe:2.3:a:oracle:mysql:5.5.47
  • Oracle MySQL 5.5.48
    cpe:2.3:a:oracle:mysql:5.5.48
  • Oracle MySQL 5.5.49
    cpe:2.3:a:oracle:mysql:5.5.49
  • Oracle MySQL 5.5.50
    cpe:2.3:a:oracle:mysql:5.5.50
  • Oracle MySQL 5.5.51
    cpe:2.3:a:oracle:mysql:5.5.51
  • Oracle MySQL 5.5.52
    cpe:2.3:a:oracle:mysql:5.5.52
  • Oracle MySQL 5.5.53
    cpe:2.3:a:oracle:mysql:5.5.53
  • Oracle MySQL 5.5.54
    cpe:2.3:a:oracle:mysql:5.5.54
  • Oracle MySQL 5.5.55
    cpe:2.3:a:oracle:mysql:5.5.55
  • Oracle MySQL 5.5.56
    cpe:2.3:a:oracle:mysql:5.5.56
  • Oracle MySQL 5.5.57
    cpe:2.3:a:oracle:mysql:5.5.57
  • Oracle MySQL 5.5.58
    cpe:2.3:a:oracle:mysql:5.5.58
  • Oracle MySQL 5.5.59
    cpe:2.3:a:oracle:mysql:5.5.59
  • Oracle MySQL 5.5.60
    cpe:2.3:a:oracle:mysql:5.5.60
  • Oracle MySQL 5.5.61
    cpe:2.3:a:oracle:mysql:5.5.61
  • Oracle MySQL 5.6.0
    cpe:2.3:a:oracle:mysql:5.6.0
  • Oracle MySQL 5.6.0 Enterprise Edition
    cpe:2.3:a:oracle:mysql:5.6.0:-:-:-:enterprise
  • Oracle MySQL 5.6.1
    cpe:2.3:a:oracle:mysql:5.6.1
  • Oracle MySQL 5.6.2
    cpe:2.3:a:oracle:mysql:5.6.2
  • Oracle MySQL 5.6.3
    cpe:2.3:a:oracle:mysql:5.6.3
  • Oracle MySQL 5.6.4
    cpe:2.3:a:oracle:mysql:5.6.4
  • Oracle MySQL 5.6.5
    cpe:2.3:a:oracle:mysql:5.6.5
  • Oracle MySQL 5.6.6
    cpe:2.3:a:oracle:mysql:5.6.6
  • Oracle MySQL 5.6.7
    cpe:2.3:a:oracle:mysql:5.6.7
  • Oracle MySQL 5.6.8
    cpe:2.3:a:oracle:mysql:5.6.8
  • Oracle MySQL 5.6.9
    cpe:2.3:a:oracle:mysql:5.6.9
  • Oracle MySQL 5.6.10
    cpe:2.3:a:oracle:mysql:5.6.10
  • Oracle MySQL 5.6.11
    cpe:2.3:a:oracle:mysql:5.6.11
  • Oracle MySQL 5.6.12
    cpe:2.3:a:oracle:mysql:5.6.12
  • Oracle MySQL 5.6.13
    cpe:2.3:a:oracle:mysql:5.6.13
  • Oracle MySQL 5.6.14
    cpe:2.3:a:oracle:mysql:5.6.14
  • Oracle MySQL 5.6.15
    cpe:2.3:a:oracle:mysql:5.6.15
  • Oracle MySQL 5.6.16
    cpe:2.3:a:oracle:mysql:5.6.16
  • Oracle MySQL 5.6.17
    cpe:2.3:a:oracle:mysql:5.6.17
  • Oracle MySQL 5.6.18
    cpe:2.3:a:oracle:mysql:5.6.18
  • Oracle MySQL 5.6.19
    cpe:2.3:a:oracle:mysql:5.6.19
  • Oracle MySQL 5.6.20
    cpe:2.3:a:oracle:mysql:5.6.20
  • Oracle MySQL 5.6.21
    cpe:2.3:a:oracle:mysql:5.6.21
  • Oracle MySQL 5.6.22
    cpe:2.3:a:oracle:mysql:5.6.22
  • Oracle MySQL 5.6.23
    cpe:2.3:a:oracle:mysql:5.6.23
  • Oracle MySQL 5.6.24
    cpe:2.3:a:oracle:mysql:5.6.24
  • Oracle MySQL 5.6.25
    cpe:2.3:a:oracle:mysql:5.6.25
  • Oracle MySQL 5.6.26
    cpe:2.3:a:oracle:mysql:5.6.26
  • Oracle MySQL 5.6.27
    cpe:2.3:a:oracle:mysql:5.6.27
  • Oracle MySQL 5.6.28
    cpe:2.3:a:oracle:mysql:5.6.28
  • Oracle MySQL 5.6.29
    cpe:2.3:a:oracle:mysql:5.6.29
  • Oracle MySQL 5.6.30
    cpe:2.3:a:oracle:mysql:5.6.30
  • Oracle MySQL 5.6.31
    cpe:2.3:a:oracle:mysql:5.6.31
  • Oracle MySQL 5.6.32
    cpe:2.3:a:oracle:mysql:5.6.32
  • Oracle MySQL 5.6.33
    cpe:2.3:a:oracle:mysql:5.6.33
  • Oracle MySQL 5.6.34
    cpe:2.3:a:oracle:mysql:5.6.34
  • Oracle MySQL 5.6.35
    cpe:2.3:a:oracle:mysql:5.6.35
  • Oracle MySQL 5.6.36
    cpe:2.3:a:oracle:mysql:5.6.36
  • Oracle MySQL 5.6.37
    cpe:2.3:a:oracle:mysql:5.6.37
  • Oracle MySQL 5.6.38
    cpe:2.3:a:oracle:mysql:5.6.38
  • Oracle MySQL 5.6.39
    cpe:2.3:a:oracle:mysql:5.6.39
  • Oracle MySQL 5.6.40
    cpe:2.3:a:oracle:mysql:5.6.40
  • Oracle MySQL 5.6.41
    cpe:2.3:a:oracle:mysql:5.6.41
  • Oracle MySQL 5.7.0
    cpe:2.3:a:oracle:mysql:5.7.0
  • Oracle MySQL 5.7.0 Community Edition
    cpe:2.3:a:oracle:mysql:5.7.0:-:-:-:community
  • Oracle MySQL 5.7.0 Enterprise Edition
    cpe:2.3:a:oracle:mysql:5.7.0:-:-:-:enterprise
  • Oracle MySQL 5.7.1
    cpe:2.3:a:oracle:mysql:5.7.1
  • Oracle MySQL 5.7.2
    cpe:2.3:a:oracle:mysql:5.7.2
  • Oracle MySQL 5.7.3
    cpe:2.3:a:oracle:mysql:5.7.3
  • Oracle MySQL 5.7.4
    cpe:2.3:a:oracle:mysql:5.7.4
  • Oracle MySQL 5.7.5
    cpe:2.3:a:oracle:mysql:5.7.5
  • Oracle MySQL 5.7.6
    cpe:2.3:a:oracle:mysql:5.7.6
  • Oracle MySQL 5.7.7
    cpe:2.3:a:oracle:mysql:5.7.7
  • Oracle MySQL 5.7.8
    cpe:2.3:a:oracle:mysql:5.7.8
  • Oracle MySQL 5.7.9
    cpe:2.3:a:oracle:mysql:5.7.9
  • Oracle MySQL 5.7.10
    cpe:2.3:a:oracle:mysql:5.7.10
  • Oracle MySQL 5.7.11
    cpe:2.3:a:oracle:mysql:5.7.11
  • Oracle MySQL 5.7.12
    cpe:2.3:a:oracle:mysql:5.7.12
  • Oracle MySQL 5.7.13
    cpe:2.3:a:oracle:mysql:5.7.13
  • Oracle MySQL 5.7.14
    cpe:2.3:a:oracle:mysql:5.7.14
  • Oracle MySQL 5.7.15
    cpe:2.3:a:oracle:mysql:5.7.15
  • Oracle MySQL 5.7.16
    cpe:2.3:a:oracle:mysql:5.7.16
  • Oracle MySQL 5.7.17
    cpe:2.3:a:oracle:mysql:5.7.17
  • Oracle MySQL 5.7.18
    cpe:2.3:a:oracle:mysql:5.7.18
  • Oracle MySQL 5.7.19
    cpe:2.3:a:oracle:mysql:5.7.19
  • Oracle MySQL 5.7.20
    cpe:2.3:a:oracle:mysql:5.7.20
  • Oracle MySQL 5.7.21
    cpe:2.3:a:oracle:mysql:5.7.21
  • Oracle MySQL 5.7.22
    cpe:2.3:a:oracle:mysql:5.7.22
  • Oracle MySQL 5.7.23
    cpe:2.3:a:oracle:mysql:5.7.23
  • Oracle MySQL 8.0.0
    cpe:2.3:a:oracle:mysql:8.0.0
  • Oracle MySQL 8.0.1
    cpe:2.3:a:oracle:mysql:8.0.1
  • Oracle MySQL 8.0.2
    cpe:2.3:a:oracle:mysql:8.0.2
  • Oracle MySQL 8.0.3
    cpe:2.3:a:oracle:mysql:8.0.3
  • Oracle MySQL 8.0.4
    cpe:2.3:a:oracle:mysql:8.0.4
  • Oracle MySQL 8.0.5
    cpe:2.3:a:oracle:mysql:8.0.5
  • Oracle MySQL 8.0.10
    cpe:2.3:a:oracle:mysql:8.0.10
  • Oracle MySQL 8.0.11
    cpe:2.3:a:oracle:mysql:8.0.11
  • Oracle MySQL 8.0.12
    cpe:2.3:a:oracle:mysql:8.0.12
  • cpe:2.3:a:netapp:oncommand_insight
    cpe:2.3:a:netapp:oncommand_insight
  • cpe:2.3:a:netapp:oncommand_workflow_automation
    cpe:2.3:a:netapp:oncommand_workflow_automation
  • cpe:2.3:a:netapp:snapcenter
    cpe:2.3:a:netapp:snapcenter
  • cpe:2.3:a:netapp:storage_automation_store
    cpe:2.3:a:netapp:storage_automation_store
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 4.0
Impact:
Exploitability:
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4341.NASL
    description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10127-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10128-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10129-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10130-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10131-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10132-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10133-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10134-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10135-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10136-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10137-release- notes/
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119040
    published 2018-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119040
    title Debian DSA-4341-1 : mariadb-10.1 - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4211-1.NASL
    description This update for mariadb fixes the following issues : Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed : CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency) Release notes and changelog: https://kb.askmonty.org/en/mariadb-10037-release-notes https://kb.askmonty.org/en/mariadb-10037-changelog https://kb.askmonty.org/en/mariadb-10036-release-notes https://kb.askmonty.org/en/mariadb-10036-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 119869
    published 2018-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119869
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:4211-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1570.NASL
    description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.37. Please see the MariaDB 10.0 Release Notes for further details : https://mariadb.com/kb/en/mariadb/mariadb-10037-release-notes/ For Debian 8 'Jessie', these problems have been fixed in version 10.0.37-0+deb8u1. We recommend that you upgrade your mariadb-10.0 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 118807
    published 2018-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118807
    title Debian DLA-1570-1 : mariadb-10.0 security update
  • NASL family Databases
    NASL id MARIADB_10_0_37.NASL
    description The version of MariaDB running of remote host is 10.0.0 prior to 10.0.37. It is, therefore, affected by multiple vulnerabilities
    last seen 2019-02-21
    modified 2019-01-16
    plugin id 121191
    published 2019-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121191
    title MariaDB 10.0.0 < 10.0.37 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MARIADB_10_2_19.NASL
    description The version of MariaDB running of remote host is 10.2.0 prior to 10.2.19. It is, therefore, affected by multiple vulnerabilities
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121394
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121394
    title MariaDB 10.2.0 < 10.2.19 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1566.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.62, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html https://www.oracle.com/technetwork/security-advisory/cpujul2018-425824 7.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html https://www.oracle.com/technetwork/security-advisory/cpuoct2018-442829 6.html For Debian 8 'Jessie', these problems have been fixed in version 5.5.62-0+deb8u1. We recommend that you upgrade your mysql-5.5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-06
    plugin id 118734
    published 2018-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118734
    title Debian DLA-1566-1 : mysql-5.5 security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0119-1.NASL
    description This update for mariadb to version 10.2.19 fixes the following issues: (bsc#1116686) Security issues fixed : CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156, CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162, CVE-2018-3173, CVE-2018-3200, CVE-2018-3284: Fixed multiple denial of service vulnerabilities (bsc#1112432, bsc#1112368, bsc#1112421, bsc#1112417, bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386, bsc#1112404, bsc#1112377, bsc#1112384) Non-security issues fixed: Fixed database corruption after renaming a prefix-indexed column (bsc#1120041) Remove PerconaFT from the package as it has a AGPL license (bsc#1118754) Enable testing for client plugins (bsc#1111859) Improve test coverage by keeping debug_key_management.so (bsc#1111858) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 121294
    published 2019-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121294
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2019:0119-1)
  • NASL family Databases
    NASL id MYSQL_5_5_62.NASL
    description The version of MySQL running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118233
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118233
    title MySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-242F6C1A41.NASL
    description **MariaDB 10.3.11** Release notes : https://mariadb.com/kb/en/mariadb-10311-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120294
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120294
    title Fedora 29 : 3:mariadb (2018-242f6c1a41)
  • NASL family Databases
    NASL id MYSQL_8_0_13.NASL
    description The version of MySQL running on the remote host is 8.0.x prior to 8.0.13. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118236
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118236
    title MySQL 8.0.x < 8.0.13 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-309-01.NASL
    description New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
    last seen 2019-02-21
    modified 2018-11-06
    plugin id 118746
    published 2018-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118746
    title Slackware 14.1 / 14.2 / current : mariadb (SSA:2018-309-01)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3799-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html https://www.oracle.com/technetwork/security-advisory/cpuoct2018-442829 6.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118359
    published 2018-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118359
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3799-1)
  • NASL family Databases
    NASL id MYSQL_5_6_42.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.42. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118234
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118234
    title MySQL 5.6.x < 5.6.42 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1115.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3251) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3156) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3143) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3247) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3278)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119474
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119474
    title Amazon Linux AMI : mysql56 (ALAS-2018-1115)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EC5072B0D43A11E8A6D2B499BAEBFEAF.NASL
    description Oracle reports : Please reference CVE/URL list for details
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 118248
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118248
    title FreeBSD : MySQL -- multiple vulnerabilities (ec5072b0-d43a-11e8-a6d2-b499baebfeaf)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-C82FC3E109.NASL
    description **MySQL 8.0.13** Release notes : https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-13.html CVEs fixed : CVE-2018-3276 CVE-2018-3200 CVE-2018-3137 CVE-2018-3284 CVE-2018-3195 CVE-2018-3173 CVE-2018-3212 CVE-2018-3279 CVE-2018-3162 CVE-2018-3247 CVE-2018-3156 CVE-2018-3161 CVE-2018-3278 CVE-2018-3174 CVE-2018-3282 CVE-2018-3285 CVE-2018-3187 CVE-2018-3277 CVE-2018-3144 CVE-2018-3145 CVE-2018-3170 CVE-2018-3186 CVE-2018-3182 CVE-2018-3133 CVE-2018-3143 CVE-2018-3283 CVE-2018-3171 CVE-2018-3251 CVE-2018-3286 CVE-2018-3185 CVE-2018-3280 CVE-2018-3203 CVE-2018-3155 Maintainer's notes : MySQL now builds MySQL Router (for innoDB cluster) as a part of the server. However since it can't be used without MySQL Shell, whuch is not packed to Fedora, nor the Router is allowed to be built & packed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120783
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120783
    title Fedora 29 : community-mysql (2018-c82fc3e109)
  • NASL family Databases
    NASL id MYSQL_5_7_24.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.24 It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118235
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118235
    title MySQL 5.7.x < 5.7.24 Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Databases
    NASL id MARIADB_5_5_62.NASL
    description The version of MariaDB running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple denial of service vulnerabilities. - A denial of service vulnerability exists in the crc32_big() function within file crc32.c due to an out-of bounds pointer flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause the application to stop responding. (CVE-2016-9843) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Client programs). An authenticated, local attacker can exploit this issue, to cause MySQL Server to stop responding. (CVE-2018-3174) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Storage Engines). An authenticated, remote attacker can exploit this issue, to cause MySQL Server to stop responding. (CVE-2018-3282) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Connection Handling). An authenticated, adjacent attacker can exploit this, to cause MySQL Server to stop responding. (CVE-2019-2503) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 122258
    published 2019-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122258
    title MariaDB 5.5.x < 5.5.62 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3972-1.NASL
    description This update for mariadb fixes the following issues : Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed : CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Release notes and changelog: https://kb.askmonty.org/en/mariadb-10037-release-notes https://kb.askmonty.org/en/mariadb-10037-changelog https://kb.askmonty.org/en/mariadb-10036-release-notes https://kb.askmonty.org/en/mariadb-10036-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119452
    published 2018-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119452
    title SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:3972-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1114.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3155) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3284) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3161) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3143) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3251) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3247) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3171) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3144) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3173) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3278) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3283) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3156) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3162) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3277) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3277) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3185) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3187)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119473
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119473
    title Amazon Linux AMI : mysql57 (ALAS-2018-1114)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1284.NASL
    description MySQL Community Server was updated to 5.6.42, fixing bugs and security issues : Changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-42.html Fixed CVEs : - CVE-2016-9843 [boo#1013882], CVE-2018-3143 [boo#1112421], - CVE-2018-3156 [boo#1112417], CVE-2018-3251 [boo#1112397], - CVE-2018-3133 [boo#1112369], CVE-2018-3247 [boo#1112398], - CVE-2018-3174 [boo#1112368], CVE-2018-3276 [boo#1112393], - CVE-2018-3278 [boo#1112390], CVE-2018-3282 [boo#1112432],
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 118452
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118452
    title openSUSE Security Update : mysql-community-server (openSUSE-2018-1284)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-4AE94C8DEB.NASL
    description **MySQL 5.7.24** Release notes : https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html CVEs fixed : CVE-2018-3276 CVE-2018-3200 CVE-2018-3284 CVE-2018-3173 CVE-2018-3162 CVE-2018-3247 CVE-2018-3156 CVE-2018-3161 CVE-2018-3278 CVE-2018-3282 CVE-2018-3187 CVE-2018-3277 CVE-2018-3144 CVE-2018-3133 CVE-2018-3143 CVE-2018-3283 CVE-2018-3171 CVE-2018-3251 CVE-2018-3185 CVE-2018-3155 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119156
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119156
    title Fedora 27 : community-mysql (2018-4ae94c8deb)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-55B875C1AC.NASL
    description **MariaDB 10.2.19** Release notes : https://mariadb.com/kb/en/library/mariadb-10219-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120436
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120436
    title Fedora 28 : 3:mariadb (2018-55b875c1ac)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3542-1.NASL
    description MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes : http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed : CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118499
    published 2018-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118499
    title SUSE SLES11 Security Update : mysql (SUSE-SU-2018:3542-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-B4820696E1.NASL
    description **MySQL 5.7.24** Release notes : https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html CVEs fixed : CVE-2018-3276 CVE-2018-3200 CVE-2018-3284 CVE-2018-3173 CVE-2018-3162 CVE-2018-3247 CVE-2018-3156 CVE-2018-3161 CVE-2018-3278 CVE-2018-3282 CVE-2018-3187 CVE-2018-3277 CVE-2018-3144 CVE-2018-3133 CVE-2018-3143 CVE-2018-3283 CVE-2018-3171 CVE-2018-3251 CVE-2018-3185 CVE-2018-3155 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120722
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120722
    title Fedora 28 : community-mysql (2018-b4820696e1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-192148F4FF.NASL
    description **MariaDB 10.2.19** Release notes : https://mariadb.com/kb/en/library/mariadb-10219-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Aditional notes : As per the upstream MariaDB Deprecation Policy, this will be the last release of MariaDB 10.2 supporting Fedora 27 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119154
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119154
    title Fedora 27 : 3:mariadb (2018-192148f4ff)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1116.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119475
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119475
    title Amazon Linux AMI : mysql55 (ALAS-2018-1116)
redhat via4
advisories
  • rhsa
    id RHSA-2018:3655
  • rhsa
    id RHSA-2019:1258
refmap via4
bid 105610
confirm
debian DSA-4341
mlist
  • [debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update
  • [debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update
sectrack 1041888
ubuntu
  • USN-3799-1
  • USN-3799-2
Last major update 16-10-2018 - 21:31
Published 16-10-2018 - 21:31
Last modified 02-10-2019 - 20:03
Back to Top