The version of MariaDB installed on the remote host is prior to 10.0.28. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10028-release-notes advisory.

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported     versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to     exploit vulnerability allows high privileged attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.
    Note: CVE-2017-3600 is equivalent to CVE-2016-5483. (CVE-2017-3600)

  - Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before     8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before     5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before     5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain     permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
    (CVE-2016-6663)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a     reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of     this candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage (CVE-2016-5616)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3600. Reason: This candidate is a     reservation duplicate of CVE-2017-3600. Notes: All CVE users should reference CVE-2017-3600 instead of     this candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage (CVE-2016-5483)

  - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier     allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
    (CVE-2016-3492)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

MariaDB 10.0.0 < 10.0.28 Multiple Vulnerabilities

high Nessus Plugin ID 95540

Version 1.10

Version 1.9

Version 1.8

Version 1.10 Jul 18, 2025, 8:07 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202507180807
Version 1.9 Jun 25, 2025, 10:34 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (set to "CVE-2016-6663") Detection (updated detection logic) Plugin categorization ("Agent" set to "all") Plugin categorization ("Plugin type" changed from "remote" to "combined") Plugin metadata Plugin Feed: 202506251034
Version 1.8 Nov 18, 2022, 11:47 PM CVE CVSS metrics CVSSv2 score source (Changed from CVE-2016-6663 to CVE-2017-3600) Plugin Feed: 202211182347