Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MARIADB_5_5_37.NASL
HistoryDec 09, 2014 - 12:00 a.m.

MariaDB 5.5 < 5.5.37 Multiple Vulnerabilities

2014-12-0900:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
43

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.02

Percentile

89.0%

JSON

The version of MariaDB 5.5 running on the remote host is a version prior to 5.5.37. It is, therefore, potentially affected by vulnerabilities due to errors related to the following components :

  • Client
  • Options
  • Performance Schema
  • RBR
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(79826);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/18");

  script_cve_id(
    "CVE-2014-2430",
    "CVE-2014-2431",
    "CVE-2014-2436",
    "CVE-2014-2440",
    "CVE-2019-2481"
  );
  script_bugtraq_id(
    66850,
    66858,
    66890,
    66896
  );

  script_name(english:"MariaDB 5.5 < 5.5.37 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MariaDB 5.5 running on the remote host is a version
prior to 5.5.37. It is, therefore, potentially affected by
vulnerabilities due to errors related to the following components :

  - Client
  - Options
  - Performance Schema
  - RBR");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-5537-changelog/");
  # https://mariadb.com/kb/en/library/mariadb-5537-release-notes/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e66ff27");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB 5.5.37 or later or apply the vendor patch.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2436");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-2481");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/09");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(variant:'MariaDB', fixed:'5.5.37-MariaDB', min:'5.5', severity:SECURITY_WARNING);

Related

nessus 41
openvas 40
redhat 6
slackware 1
veracode 6
amazon 3
oraclelinux 4
fedora 14
centos 3
mageia 1
osv 5
debian 2
ubuntu 2
cve 5
nvd 5
cvelist 5
ubuntucve 5
mariadbunix 5
prion 5
redhatcve 1
f5 1
suse 2
gentoo 1
ibm 2
oracle 2
securityvulns 1
freebsd 1
photon 4
rocky 1
almalinux 1
nessus
nessus
MySQL 5.5.x < 5.5.37 MySQL Multiple Vulnerabilities
2014-04-03 00:00:00
MariaDB 10.0.0 < 10.0.11 Multiple Vulnerabilities
2022-11-18 00:00:00
MySQL 5.6.x < 5.6.17 Multiple Vulnerabilities
2014-04-16 00:00:00
openvas
openvas
Oracle MySQL Multiple Unspecified vulnerabilities - 02 (May 2014) - Windows
2014-05-08 00:00:00
Oracle MySQL Multiple Unspecified Vulnerabilities - 16 (Jun 2016) - Linux
2016-06-03 00:00:00
Slackware: Security Advisory (SSA:2014-152-01)
2022-04-21 00:00:00
redhat
redhat
(RHSA-2014:0702) Moderate: mariadb security update
2014-06-10 00:00:00
(RHSA-2014:0522) Moderate: mariadb55-mariadb security update
2014-05-20 11:06:28
(RHSA-2014:0537) Moderate: mysql55-mysql security update
2014-05-22 17:05:47
slackware
slackware
[slackware-security] mariadb
2014-06-01 21:04:10
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:58:13
Unauthorized Access
2019-05-02 04:58:14
Denial Of Service (DoS)
2019-05-02 04:58:13
amazon
amazon
Medium: mysql55
2014-04-25 15:48:00
Medium: mysql56
2019-03-20 22:27:00
Medium: mysql57
2019-03-20 23:45:00
oraclelinux
oraclelinux
mysql55-mysql security update
2014-05-22 00:00:00
mariadb security update
2014-07-23 00:00:00
mariadb security update
2014-11-17 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mariadb-galera-5.5.37-2.fc20
2014-05-16 10:09:50
[SECURITY] Fedora 19 Update: community-mysql-5.5.37-1.fc19
2014-04-29 05:28:52
[SECURITY] Fedora 20 Update: community-mysql-5.5.37-1.fc20
2014-04-29 05:25:43
centos
centos
mysql55 security update
2014-05-22 23:08:29
mysql55 security update
2014-05-22 23:25:52
mariadb55 security update
2014-05-21 17:57:10
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2014-05-24 11:23:00
osv
osv
mysql-5.5 - security update
2014-05-03 00:00:00
CVE-2019-2481
2019-01-16 19:30:33
CGA-v356-3q5q-f928
2024-07-04 22:10:36
debian
debian
[SECURITY] [DSA 2919-1] mysql-5.5 security update
2014-05-03 08:06:27
[SECURITY] [DSA 2919-1] mysql-5.5 security update
2014-05-03 08:06:27
ubuntu
ubuntu
MySQL vulnerabilities
2014-04-23 00:00:00
MySQL vulnerabilities
2019-01-23 00:00:00
cve
cve
CVE-2014-2436
2014-04-16 02:55:16
CVE-2014-2440
2014-04-16 02:55:16
CVE-2014-2431
2014-04-16 02:55:16
nvd
nvd
CVE-2014-2431
2014-04-16 02:55:16
CVE-2014-2440
2014-04-16 02:55:16
CVE-2014-2430
2014-04-16 02:55:15
cvelist
cvelist
CVE-2014-2440
2014-04-16 02:05:00
CVE-2014-2430
2014-04-16 02:05:00
CVE-2014-2436
2014-04-16 02:05:00
ubuntucve
ubuntucve
CVE-2014-2440
2014-04-15 00:00:00
CVE-2014-2436
2014-04-15 00:00:00
CVE-2014-2430
2014-04-15 00:00:00
mariadbunix
mariadbunix
CVE-2014-2436
2014-04-16 02:55:16
CVE-2014-2440
2014-04-16 02:55:16
CVE-2014-2430
2014-04-16 02:55:15
prion
prion
Design/Logic Flaw
2014-04-16 02:55:00
Design/Logic Flaw
2014-04-16 02:55:00
Design/Logic Flaw
2014-04-16 02:55:00
redhatcve
redhatcve
CVE-2019-2481
2019-12-27 09:29:18
f5
f5
K75501541 : MySQL vulnerabilities CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, and CVE-2019-2495
2019-02-15 00:00:00
suse
suse
Security update for MySQL (important)
2014-06-07 00:04:26
Security update for mysql-community-server (important)
2019-02-05 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2014-09-04 00:00:00
ibm
ibm
Security Bulletin: Multiple security vulnerabilities have been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.
2023-06-28 22:12:57
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
2019-05-06 19:55:01
oracle
oracle
Oracle Critical Patch Update - April 2014
2014-04-15 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
2014-05-02 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2019-01-15 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0152
2019-04-23 00:00:00
Critical Photon OS Security Update - PHSA-2019-0152
2019-04-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0212
2019-03-05 00:00:00
rocky
rocky
mysql:8.0 security update
2019-08-15 17:31:05
almalinux
almalinux
Important: mysql:8.0 security update
2019-08-15 17:31:05

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.02

Percentile

89.0%

JSON
Related for MARIADB_5_5_37.NASL
nessus41openvas40redhat6slackware1veracode6amazon3oraclelinux4fedora14centos3mageia1osv5debian2ubuntu2cve5nvd5cvelist5ubuntucve5mariadbunix5prion5redhatcve1f51suse2gentoo1ibm2oracle2securityvulns1freebsd1photon4rocky1almalinux1