Detections
Analytics
Alpine: mariadb: security update to 10.2.19-r0
critical Tenable Cloud Security Plugin ID 405506
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have
unspecified impact via vectors involving big-endian CRC calculation. (CVE-2016-9843)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions
that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete
access to some of MySQL Server accessible data. (CVE-2018-3058)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions
that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized creation, deletion or modification access to
critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2018-3060)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2018-3063)
See Also
https://security.alpinelinux.org/vuln/CVE-2016-9843
https://security.alpinelinux.org/vuln/CVE-2018-3058
https://security.alpinelinux.org/vuln/CVE-2018-3060
https://security.alpinelinux.org/vuln/CVE-2018-3063
https://security.alpinelinux.org/vuln/CVE-2018-3064
https://security.alpinelinux.org/vuln/CVE-2018-3066
https://security.alpinelinux.org/vuln/CVE-2018-3143
https://security.alpinelinux.org/vuln/CVE-2018-3156
https://security.alpinelinux.org/vuln/CVE-2018-3162
https://security.alpinelinux.org/vuln/CVE-2018-3173
https://security.alpinelinux.org/vuln/CVE-2018-3174
https://security.alpinelinux.org/vuln/CVE-2018-3185
https://security.alpinelinux.org/vuln/CVE-2018-3200
https://security.alpinelinux.org/vuln/CVE-2018-3251
https://security.alpinelinux.org/vuln/CVE-2018-3277
Plugin Details
Severity: Critical
ID: 405506
Version: Revision 1.24
Type: Local
Published: 10/31/2023
Updated: 3/12/2025
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-9843
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 12/4/2016
Reference Information
CVE: CVE-2016-9843, CVE-2018-3058, CVE-2018-3060, CVE-2018-3063, CVE-2018-3064, CVE-2018-3066, CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3174, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3282, CVE-2018-3284
BID: 95131, 104766, 104769, 104786, 104776, 105600, 105594, 105612, 105610