The version of MariaDB installed on the remote host is prior to 10.1.19. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10119-release-notes advisory.

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported     versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to     exploit vulnerability allows high privileged attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.
    Note: CVE-2017-3600 is equivalent to CVE-2016-5483. (CVE-2017-3600)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3600. Reason: This candidate is a     reservation duplicate of CVE-2017-3600. Notes: All CVE users should reference CVE-2017-3600 instead of     this candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage (CVE-2016-5483)

  - Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier     allows remote administrators to affect confidentiality via vectors related to Server: Security:
    Encryption. (CVE-2016-5584)

  - The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10     makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
    (CVE-2016-7440)

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported     versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily     exploitable vulnerability allows low privileged attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update,     insert or delete access to some of MySQL Server accessible data. (CVE-2017-3651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

MariaDB 10.1.0 < 10.1.19 Multiple Vulnerabilities

medium Nessus Plugin ID 95541

Version 1.9

Version 1.8

Version 1.9 Jun 25, 2025, 10:34 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin categorization ("Agent" set to "all") Plugin categorization ("Plugin type" changed from "remote" to "combined") Plugin metadata Plugin Feed: 202506251034
Version 1.8 Nov 18, 2022, 9:50 PM CVE CVSS metrics CVSSv2 score source (Changed from CVE-2016-5584 to CVE-2017-3600) CVSSv2 severity (Based on CVE-2017-3600 severity increased from Low to Medium) CVSSv3 score source (Changed from None to CVE-2017-3600) Plugin Feed: 202211182150