The version of MariaDB installed on the remote host is prior to 10.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10-1-8-release-notes advisory.

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote     authenticated users to affect availability via unknown vectors related to Server : Partition, a different     vulnerability than CVE-2015-4802. (CVE-2015-4792)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote     authenticated users to affect availability via unknown vectors related to Server : Partition, a different     vulnerability than CVE-2015-4792. (CVE-2015-4802)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running     on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server     : Query Cache. (CVE-2015-4807)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote     authenticated users to affect availability via vectors related to Server : DDL. (CVE-2015-4815)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to     affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4816)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local     users to affect confidentiality, integrity, and availability via unknown vectors related to Client     programs. (CVE-2015-4819)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote     authenticated users to affect confidentiality via unknown vectors related to Server : Types.
    (CVE-2015-4826)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote     authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
    (CVE-2015-4830)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote     authenticated users to affect availability via unknown vectors related to Server : SP. (CVE-2015-4836)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote     authenticated users to affect availability via vectors related to DML, a different vulnerability than     CVE-2015-4913. (CVE-2015-4858)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote     authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4861)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote     authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
    (CVE-2015-4864)

  - Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to     affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote     authenticated users to affect availability via unknown vectors related to Server : Parser. (CVE-2015-4870)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote     authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
    (CVE-2015-4879)

  - Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to     affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4895)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote     authenticated users to affect availability via vectors related to Server : DML, a different vulnerability     than CVE-2015-4858. (CVE-2015-4913)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

MariaDB 10.1.0 < 10.1.8 Multiple Vulnerabilities

critical Nessus Plugin ID 167902

Version 1.4