ID CVE-2019-2797
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. This difficult-to-exploit vulnerability allows a high-privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
{"id": "CVE-2019-2797", "bulletinFamily": "NVD", "title": "CVE-2019-2797", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "published": "2019-07-23T23:15:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2797", "reporter": "cve@mitre.org", "references": ["https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS", "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "https://access.redhat.com/errata/RHSA-2019:2511", "https://support.f5.com/csp/article/K23125024", "https://access.redhat.com/errata/RHSA-2019:2484", "https://usn.ubuntu.com/4070-1/"], "cvelist": ["CVE-2019-2797"], "type": "cve", "lastseen": "2021-02-02T07:13:00", "edition": 13, "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K23125024"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844107", "OPENVAS:1361412562310142653", "OPENVAS:1361412562310142652"]}, {"type": "ubuntu", "idList": ["USN-4070-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-4070-1.NASL", "REDHAT-RHSA-2019-2511.NASL", "FREEBSD_PKG_198E6220AC8B11E9A1C7B499BAEBFEAF.NASL", "ORACLELINUX_ELSA-2019-2511.NASL", "CENTOS8_RHSA-2019-2511.NASL", "PHOTONOS_PHSA-2019-3_0-0026_MYSQL.NASL", "MYSQL_8_0_17.NASL", 
"MYSQL_5_7_27_JULY.NASL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D2095944B38019F3860438162F040964"]}, {"type": "freebsd", "idList": ["198E6220-AC8B-11E9-A1C7-B499BAEBFEAF"]}, {"type": "redhat", "idList": ["RHSA-2019:2484", "RHSA-2019:2511"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2511"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835"]}], "modified": "2021-02-02T07:13:00", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-02-02T07:13:00", "rev": 2}, "vulnersScore": 4.5}, "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:oracle:mysql:8.0.16", "cpe:/a:oracle:mysql:5.7.26"], "affectedSoftware": [{"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "16.04"}, {"cpeName": "oracle:mysql", "name": "oracle mysql", "operator": "le", "version": "5.7.26"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "18.04"}, {"cpeName": "oracle:mysql", "name": "oracle mysql", "operator": "le", "version": "8.0.16"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "19.04"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", 
"privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.26:*:*:*:*:*:*:*", "versionEndIncluding": "5.7.26", "versionStartIncluding": "5.7.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*", "versionEndIncluding": "8.0.16", "versionStartIncluding": "8.0.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://support.f5.com/csp/article/K23125024", "refsource": "CONFIRM", "tags": [], "url": "https://support.f5.com/csp/article/K23125024"}, {"name": "RHSA-2019:2484", "refsource": "REDHAT", "tags": [], "url": "https://access.redhat.com/errata/RHSA-2019:2484"}, {"name": "USN-4070-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4070-1/"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "RHSA-2019:2511", "refsource": "REDHAT", "tags": [], "url": "https://access.redhat.com/errata/RHSA-2019:2511"}, 
{"name": "https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "tags": [], "url": "https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS"}], "immutableFields": []}
{"f5": [{"lastseen": "2020-04-06T22:40:41", "bulletinFamily": "software", "cvelist": ["CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2791"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-08-22T04:07:00", "published": "2019-08-22T03:50:00", "id": "F5:K23125024", "href": "https://support.f5.com/csp/article/K23125024", "title": "MySQL vulnerabilities CVE-2019-2791, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, and CVE-2019-2798", "type": "f5", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2019-07-30T13:53:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2758", "CVE-2019-2778", "CVE-2019-2757", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-07-30T00:00:00", "published": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310142652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142652", "type": "openvas", "title": "Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.17 Security Update (2019-5072835) - Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142652\");\n script_version(\"2019-07-30T07:04:43+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-30 07:04:43 +0000 (Tue, 30 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 01:51:48 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-2758\", \"CVE-2019-2778\", \"CVE-2019-2741\", \"CVE-2019-2757\", \"CVE-2019-2774\",\n \"CVE-2019-2797\", \"CVE-2019-2791\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.17 Security Update (2019-5072835) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version 
is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.7.26 and prior and 8.0.16 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.27, 8.0.17 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.27\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.16\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.17\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-07-30T13:53:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2758", "CVE-2019-2778", "CVE-2019-2757", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-07-30T00:00:00", "published": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310142653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142653", "type": "openvas", "title": "Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.17 Security Update (2019-5072835) - Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the 
terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142653\");\n script_version(\"2019-07-30T07:04:43+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-30 07:04:43 +0000 (Tue, 30 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 01:57:50 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-2758\", \"CVE-2019-2778\", \"CVE-2019-2741\", \"CVE-2019-2757\", \"CVE-2019-2774\",\n \"CVE-2019-2797\", \"CVE-2019-2791\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.17 Security Update (2019-5072835) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"affected\", value:\"MySQL 5.7.26 and prior and 8.0.16 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.27, 8.0.17 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.27\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.16\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.17\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-07-30T13:50:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2778", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-2819"], "description": "The remote host is missing an update for the ", "modified": "2019-07-30T00:00:00", "published": "2019-07-25T00:00:00", "id": "OPENVAS:1361412562310844107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844107", "type": "openvas", "title": "Ubuntu Update for mysql-5.7 USN-4070-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective 
author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844107\");\n script_version(\"2019-07-30T07:04:43+0000\");\n script_cve_id(\"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2741\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2791\", \"CVE-2019-2797\", \"CVE-2019-2805\", \"CVE-2019-2819\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-30 07:04:43 +0000 (Tue, 30 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-25 02:01:40 +0000 (Thu, 25 Jul 2019)\");\n script_name(\"Ubuntu Update for mysql-5.7 USN-4070-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4070-1\");\n script_xref(name:\"URL\", 
value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-July/005028.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the USN-4070-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in MySQL and this update includes\na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to\nMySQL 5.7.27.\n\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes.\");\n\n script_tag(name:\"affected\", value:\"'mysql-5.7' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.27-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.27-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.27-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n 
report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2020-09-18T11:00:23", "description": "Multiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated\nto MySQL 5.7.27.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-507283\n5.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-07-25T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : MySQL vulnerabilities (USN-4070-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2778", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-2819"], "modified": "2019-07-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4070-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127041", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# 
extracted from Ubuntu Security Notice USN-4070-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127041);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2741\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2791\", \"CVE-2019-2797\", \"CVE-2019-2805\", \"CVE-2019-2819\");\n script_xref(name:\"USN\", value:\"4070-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : MySQL vulnerabilities (USN-4070-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated\nto MySQL 5.7.27.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-507283\n5.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4070-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mysql-server-5.7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.27-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.27-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.27-0ubuntu0.19.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.7\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-09-14T16:24:56", "description": "The version of MySQL running on the remote host is 5.7.x prior to\n5.7.27. 
It is, therefore, affected by multiple vulnerabilities,\nincluding three of the top vulnerabilities below, as noted in the\nJuly 2019 Critical Patch Update advisory:\n\n - A stack-based buffer overflow vulnerability in the\n 'Server: Packaging (cURL)' subcomponent could allow an \n unauthenticated attacker to gain complete control of an\n affected instance of MySQL Server. (CVE-2019-3822)\n\n - A vulnerability in the 'Server: Parser' subcomponent. \n This is an easily exploitable vulnerability that allows\n a low privileged attacker with network access via\n multiple protocols to compromise the server. Successful\n attacks involving this vulnerability can result in the\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS). (CVE-2019-2805) \n\n - A vulnerability in the 'Server: XML' subcomponent. This\n is an easily exploitable vulnerability that allows a\n low privileged attacker with network access via multiple\n protocols to compromise a server.Successful attacks\n involving this vulnerability can result in the\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS).\n (CVE-2019-2740)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 9, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-18T00:00:00", "title": "MySQL 5.7.x < 5.7.27 Multiple Vulnerabilities (Jul 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2948", "CVE-2019-3823", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2778", "CVE-2019-2737", "CVE-2018-16890", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-3822", "CVE-2019-2819", "CVE-2019-2969"], "modified": "2019-07-18T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_27_JULY.NASL", "href": 
"https://www.tenable.com/plugins/nessus/126783", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126783);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/17\");\n\n script_cve_id(\n \"CVE-2018-16890\",\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2741\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n \"CVE-2019-2791\",\n \"CVE-2019-2797\",\n \"CVE-2019-2805\",\n \"CVE-2019-2819\",\n \"CVE-2019-2948\",\n \"CVE-2019-2969\",\n \"CVE-2019-3822\",\n \"CVE-2019-3823\"\n );\n script_bugtraq_id(\n 106947,\n 106950,\n 109243,\n 109247\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.27 Multiple Vulnerabilities (Jul 2019 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.27. It is, therefore, affected by multiple vulnerabilities,\nincluding three of the top vulnerabilities below, as noted in the\nJuly 2019 Critical Patch Update advisory:\n\n - A stack-based buffer overflow vulnerability in the\n 'Server: Packaging (cURL)' subcomponent could allow an \n unauthenticated attacker to gain complete control of an\n affected instance of MySQL Server. (CVE-2019-3822)\n\n - A vulnerability in the 'Server: Parser' subcomponent. \n This is an easily exploitable vulnerability that allows\n a low privileged attacker with network access via\n multiple protocols to compromise the server. Successful\n attacks involving this vulnerability can result in the\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS). 
(CVE-2019-2805) \n\n - A vulnerability in the 'Server: XML' subcomponent. This\n is an easily exploitable vulnerability that allows a\n low privileged attacker with network access via multiple\n protocols to compromise a server. Successful attacks\n involving this vulnerability can result in the\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS).\n (CVE-2019-2740)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1adc2fd3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.27 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.27', min:'5.7', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T01:11:56", "description": "An update of the mysql package has been released.", "edition": 20, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-09-23T00:00:00", "title": "Photon OS 3.0: Mysql PHSA-2019-3.0-0026", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2879", "CVE-2019-2808", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2810", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2812", "CVE-2019-2800", "CVE-2019-2834", "CVE-2019-2822", "CVE-2019-2819", "CVE-2019-2801"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:mysql", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0026_MYSQL.NASL", "href": "https://www.tenable.com/plugins/nessus/129103", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0026. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129103);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/24\");\n\n script_cve_id(\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2741\",\n \"CVE-2019-2789\",\n \"CVE-2019-2795\",\n \"CVE-2019-2796\",\n \"CVE-2019-2797\",\n \"CVE-2019-2798\",\n \"CVE-2019-2800\",\n \"CVE-2019-2801\",\n \"CVE-2019-2802\",\n \"CVE-2019-2803\",\n \"CVE-2019-2805\",\n \"CVE-2019-2808\",\n \"CVE-2019-2810\",\n \"CVE-2019-2811\",\n \"CVE-2019-2812\",\n \"CVE-2019-2814\",\n \"CVE-2019-2815\",\n \"CVE-2019-2819\",\n \"CVE-2019-2822\",\n \"CVE-2019-2826\",\n \"CVE-2019-2830\",\n \"CVE-2019-2834\",\n \"CVE-2019-2879\"\n );\n\n script_name(english:\"Photon OS 3.0: Mysql PHSA-2019-3.0-0026\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the mysql package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0026.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"mysql-8.0.17-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"mysql-debuginfo-8.0.17-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"mysql-devel-8.0.17-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-09-14T16:25:00", "description": "The version of MySQL running on the remote host is 8.0.x prior to\n8.0.17. It is, therefore, affected by multiple vulnerabilities,\nincluding three of the top vulnerabilities below, as noted in the\nJuly 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerability in the\n 'Shell: Admin / InnoDB Cluster' subcomponent could allow\n an unauthenticated attacker to take over an affected MySQL\n Server. A successful attack requires user interaction.\n (CVE-2019-2822)\n\n - An unspecified vulnerability in the 'Server: Replication'\n subcomponent could allow an unauthenticated attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n Additionally, a successful attacker could perform\n unauthorized modifications to some MySQL Server\n accessible data. (CVE-2019-2800)\n\n - An unspecified vulnerability in the 'Server: Charsets'\n subcomponent could allow an unauthenticated attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2795)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 9, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-07-18T00:00:00", "title": "MySQL 8.0.x < 8.0.17 Multiple Vulnerabilities (July 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2795", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2785", "CVE-2019-3003", "CVE-2019-2808", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2810", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2950", "CVE-2019-2752", "CVE-2019-2738", 
"CVE-2019-2803", "CVE-2019-2757", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2800", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2822", "CVE-2019-2819", "CVE-2019-2801", "CVE-2019-2969"], "modified": "2019-07-18T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_17.NASL", "href": "https://www.tenable.com/plugins/nessus/126784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126784);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/17\");\n\n script_cve_id(\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2741\",\n \"CVE-2019-2752\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n \"CVE-2019-2780\",\n \"CVE-2019-2784\",\n \"CVE-2019-2785\",\n \"CVE-2019-2789\",\n \"CVE-2019-2791\",\n \"CVE-2019-2795\",\n \"CVE-2019-2796\",\n \"CVE-2019-2797\",\n \"CVE-2019-2800\",\n \"CVE-2019-2801\",\n \"CVE-2019-2802\",\n \"CVE-2019-2803\",\n \"CVE-2019-2805\",\n \"CVE-2019-2808\",\n \"CVE-2019-2810\",\n \"CVE-2019-2811\",\n \"CVE-2019-2812\",\n \"CVE-2019-2814\",\n \"CVE-2019-2815\",\n \"CVE-2019-2819\",\n \"CVE-2019-2822\",\n \"CVE-2019-2826\",\n \"CVE-2019-2830\",\n \"CVE-2019-2834\",\n \"CVE-2019-2879\",\n \"CVE-2019-2948\",\n \"CVE-2019-2950\",\n \"CVE-2019-2969\",\n \"CVE-2019-3003\"\n );\n script_bugtraq_id(109234, 109243, 109247);\n\n script_name(english:\"MySQL 8.0.x < 8.0.17 Multiple Vulnerabilities (July 2019 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 8.0.x prior to\n8.0.17. 
It is, therefore, affected by multiple vulnerabilities,\nincluding three of the top vulnerabilities below, as noted in the\nJuly 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerability in the\n 'Shell: Admin / InnoDB Cluster' subcomponent could allow\n an unauthenticated attacker to take over an affected MySQL\n Server. A successful attack requires user interaction.\n (CVE-2019-2822)\n\n - An unspecified vulnerability in the 'Server: Replication'\n subcomponent could allow an unauthenticated attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n Additionally, a successful attacker could perform\n unauthorized modifications to some MySQL Server\n accessible data. (CVE-2019-2800)\n\n - An unspecified vulnerability in the 'Server: Charsets'\n subcomponent could allow an unauthenticated attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2795)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1adc2fd3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known 
exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(fixed:'8.0.17', min:'8.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-04-01T02:48:32", "description": "Oracle reports :\n\nThis Critical Patch Update contains 45 new security fixes for Oracle\nMySQL. 
4 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-23T00:00:00", "title": "FreeBSD : MySQL -- Multiple vulerabilities (198e6220-ac8b-11e9-a1c7-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2740", "CVE-2019-2743", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2785", "CVE-2019-2808", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2810", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2730", "CVE-2019-2752", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2757", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2746", "CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2822", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql56-server", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mariadb103-server", "p-cpe:/a:freebsd:freebsd:mysql80-server", "p-cpe:/a:freebsd:freebsd:mariadb102-server", "p-cpe:/a:freebsd:freebsd:mariadb104-server", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:percona57-server", "p-cpe:/a:freebsd:freebsd:percona56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:mariadb55-server"], "id": "FREEBSD_PKG_198E6220AC8B11E9A1C7B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/126928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD 
VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126928);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-2730\", \"CVE-2019-2731\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2741\", \"CVE-2019-2743\", \"CVE-2019-2746\", \"CVE-2019-2747\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\", \"CVE-2019-2791\", \"CVE-2019-2795\", \"CVE-2019-2796\", \"CVE-2019-2797\", \"CVE-2019-2798\", \"CVE-2019-2800\", \"CVE-2019-2801\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2805\", \"CVE-2019-2808\", \"CVE-2019-2810\", \"CVE-2019-2811\", \"CVE-2019-2812\", \"CVE-2019-2814\", \"CVE-2019-2815\", \"CVE-2019-2819\", \"CVE-2019-2822\", \"CVE-2019-2826\", \"CVE-2019-2830\", \"CVE-2019-2834\", \"CVE-2019-2879\", \"CVE-2019-3822\");\n\n script_name(english:\"FreeBSD : MySQL -- Multiple vulerabilities (198e6220-ac8b-11e9-a1c7-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nThis Critical Patch Update contains 45 new security fixes for 
Oracle\nMySQL. 4 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials.\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9aa2b901\"\n );\n # https://vuxml.freebsd.org/freebsd/198e6220-ac8b-11e9-a1c7-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?079298bc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb102-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql80-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<10.1.41\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb102-server<10.2.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb103-server<10.3.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb104-server<10.4.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql80-server<8.0.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<5.5.65\")) flag++;\nif 
(pkg_test(save_report:TRUE, pkg:\"percona56-server<5.6.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona57-server<5.7.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-24T09:23:58", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:2511 advisory.\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2420, CVE-2019-2481,\n CVE-2019-2507, CVE-2019-2529, CVE-2019-2530)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2434, CVE-2019-2455)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2019) (CVE-2019-2436, CVE-2019-2531,\n CVE-2019-2534)\n\n - mysql: Server: PS unspecified vulnerability (CPU Jan 2019) (CVE-2019-2482)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019) (CVE-2019-2486,\n CVE-2019-2532, CVE-2019-2533)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2502, CVE-2019-2510)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Jan 2019) (CVE-2019-2528)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2019) (CVE-2019-2535)\n\n - mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019) (CVE-2019-2536)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Jan 2019) (CVE-2019-2539)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\n CVE-2019-2624, CVE-2019-2628)\n\n - mysql: Server: Optimizer 
unspecified vulnerability (CPU Apr 2019) (CVE-2019-2581, CVE-2019-2596,\n CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688,\n CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2584,\n CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Apr 2019) (CVE-2019-2587)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2019) (CVE-2019-2592)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614, CVE-2019-2617,\n CVE-2019-2630, CVE-2019-2634, CVE-2019-2635)\n\n - mysql: Server: Options unspecified vulnerability (CPU Apr 2019) (CVE-2019-2623, CVE-2019-2683)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2019) (CVE-2019-2626, CVE-2019-2644)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2019) (CVE-2019-2631)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2019) (CVE-2019-2636)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Apr 2019) (CVE-2019-2691)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019) (CVE-2019-2738)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739,\n CVE-2019-2778, CVE-2019-2789, CVE-2019-2811)\n\n - mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2019) (CVE-2019-2752)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2755, CVE-2019-2800)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019) (CVE-2019-2757, CVE-2019-2774,\n CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, 
CVE-2019-2812, CVE-2019-2815,\n CVE-2019-2830, CVE-2019-2834)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758, CVE-2019-2785, CVE-2019-2798,\n CVE-2019-2814, CVE-2019-2879)\n\n - mysql: Server: Components / Services unspecified vulnerability (CPU Jul 2019) (CVE-2019-2780)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2784)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Jul 2019) (CVE-2019-2795)\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2019) (CVE-2019-2797)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Jul 2019) (CVE-2019-2801)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019) (CVE-2019-2819)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2019) (CVE-2019-2826)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2948, CVE-2019-2950)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2019) (CVE-2019-2969)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-3003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2021-01-29T00:00:00", "title": "CentOS 8 : mysql:8.0 (CESA-2019:2511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2948", "CVE-2019-2785", "CVE-2019-2494", "CVE-2019-2695", "CVE-2019-2624", 
"CVE-2019-3003", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2950", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455", "CVE-2019-2969"], "modified": "2021-01-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mysql-devel", "p-cpe:/a:centos:centos:mysql-server", "p-cpe:/a:centos:centos:mecab-ipadic", "p-cpe:/a:centos:centos:mecab-ipadic-EUCJP", "p-cpe:/a:centos:centos:mysql-libs", "p-cpe:/a:centos:centos:mysql-test", "p-cpe:/a:centos:centos:mecab", "cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:mysql-common", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:centos:centos:mysql-errmsg"], "id": "CENTOS8_RHSA-2019-2511.NASL", "href": "https://www.tenable.com/plugins/nessus/145612", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:2511. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145612);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2019-2420\",\n \"CVE-2019-2434\",\n \"CVE-2019-2436\",\n \"CVE-2019-2455\",\n \"CVE-2019-2481\",\n \"CVE-2019-2482\",\n \"CVE-2019-2486\",\n \"CVE-2019-2494\",\n \"CVE-2019-2495\",\n \"CVE-2019-2502\",\n \"CVE-2019-2503\",\n \"CVE-2019-2507\",\n \"CVE-2019-2510\",\n \"CVE-2019-2528\",\n \"CVE-2019-2529\",\n \"CVE-2019-2530\",\n \"CVE-2019-2531\",\n \"CVE-2019-2532\",\n \"CVE-2019-2533\",\n \"CVE-2019-2534\",\n \"CVE-2019-2535\",\n \"CVE-2019-2536\",\n \"CVE-2019-2537\",\n \"CVE-2019-2539\",\n \"CVE-2019-2580\",\n \"CVE-2019-2581\",\n \"CVE-2019-2584\",\n \"CVE-2019-2585\",\n \"CVE-2019-2587\",\n \"CVE-2019-2589\",\n \"CVE-2019-2592\",\n \"CVE-2019-2593\",\n \"CVE-2019-2596\",\n \"CVE-2019-2606\",\n \"CVE-2019-2607\",\n \"CVE-2019-2614\",\n \"CVE-2019-2617\",\n \"CVE-2019-2620\",\n \"CVE-2019-2623\",\n \"CVE-2019-2624\",\n \"CVE-2019-2625\",\n \"CVE-2019-2626\",\n \"CVE-2019-2627\",\n \"CVE-2019-2628\",\n \"CVE-2019-2630\",\n \"CVE-2019-2631\",\n \"CVE-2019-2634\",\n \"CVE-2019-2635\",\n \"CVE-2019-2636\",\n \"CVE-2019-2644\",\n \"CVE-2019-2681\",\n \"CVE-2019-2683\",\n \"CVE-2019-2685\",\n \"CVE-2019-2686\",\n \"CVE-2019-2687\",\n \"CVE-2019-2688\",\n \"CVE-2019-2689\",\n \"CVE-2019-2691\",\n \"CVE-2019-2693\",\n \"CVE-2019-2694\",\n \"CVE-2019-2695\",\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2752\",\n \"CVE-2019-2755\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n \"CVE-2019-2780\",\n \"CVE-2019-2784\",\n \"CVE-2019-2785\",\n \"CVE-2019-2789\",\n \"CVE-2019-2795\",\n \"CVE-2019-2796\",\n \"CVE-2019-2797\",\n \"CVE-2019-2798\",\n \"CVE-2019-2800\",\n \"CVE-2019-2801\",\n \"CVE-2019-2802\",\n 
\"CVE-2019-2803\",\n \"CVE-2019-2805\",\n \"CVE-2019-2808\",\n \"CVE-2019-2810\",\n \"CVE-2019-2811\",\n \"CVE-2019-2812\",\n \"CVE-2019-2814\",\n \"CVE-2019-2815\",\n \"CVE-2019-2819\",\n \"CVE-2019-2826\",\n \"CVE-2019-2830\",\n \"CVE-2019-2834\",\n \"CVE-2019-2879\",\n \"CVE-2019-2948\",\n \"CVE-2019-2950\",\n \"CVE-2019-2969\",\n \"CVE-2019-3003\"\n );\n script_bugtraq_id(\n 106619,\n 106622,\n 106625,\n 106626,\n 106627,\n 106628,\n 107913,\n 107924,\n 107927,\n 107928,\n 109243,\n 109247,\n 109259,\n 109260\n );\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"CentOS 8 : mysql:8.0 (CESA-2019:2511)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:2511 advisory.\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2420, CVE-2019-2481,\n CVE-2019-2507, CVE-2019-2529, CVE-2019-2530)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2434, CVE-2019-2455)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2019) (CVE-2019-2436, CVE-2019-2531,\n CVE-2019-2534)\n\n - mysql: Server: PS unspecified vulnerability (CPU Jan 2019) (CVE-2019-2482)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019) (CVE-2019-2486,\n CVE-2019-2532, CVE-2019-2533)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2502, CVE-2019-2510)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n - mysql: Server: Partition unspecified vulnerability 
(CPU Jan 2019) (CVE-2019-2528)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2019) (CVE-2019-2535)\n\n - mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019) (CVE-2019-2536)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Jan 2019) (CVE-2019-2539)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\n CVE-2019-2624, CVE-2019-2628)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019) (CVE-2019-2581, CVE-2019-2596,\n CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688,\n CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2584,\n CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Apr 2019) (CVE-2019-2587)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2019) (CVE-2019-2592)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614, CVE-2019-2617,\n CVE-2019-2630, CVE-2019-2634, CVE-2019-2635)\n\n - mysql: Server: Options unspecified vulnerability (CPU Apr 2019) (CVE-2019-2623, CVE-2019-2683)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2019) (CVE-2019-2626, CVE-2019-2644)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2019) (CVE-2019-2631)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2019) (CVE-2019-2636)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Apr 2019) (CVE-2019-2691)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019) (CVE-2019-2738)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739,\n CVE-2019-2778, CVE-2019-2789, 
CVE-2019-2811)\n\n - mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2019) (CVE-2019-2752)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2755, CVE-2019-2800)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019) (CVE-2019-2757, CVE-2019-2774,\n CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815,\n CVE-2019-2830, CVE-2019-2834)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758, CVE-2019-2785, CVE-2019-2798,\n CVE-2019-2814, CVE-2019-2879)\n\n - mysql: Server: Components / Services unspecified vulnerability (CPU Jul 2019) (CVE-2019-2780)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2784)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Jul 2019) (CVE-2019-2795)\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2019) (CVE-2019-2797)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Jul 2019) (CVE-2019-2801)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019) (CVE-2019-2819)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2019) (CVE-2019-2826)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2948, CVE-2019-2950)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2019) (CVE-2019-2969)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-3003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2511\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-0.996-1.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = 
split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, 
{"lastseen": "2021-03-25T13:36:46", "description": "An update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, 
CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 13, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-20T00:00:00", "title": "RHEL 8 : 
mysql:8.0 (RHSA-2019:2511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2948", "CVE-2019-2785", "CVE-2019-2494", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-3003", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2950", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455", "CVE-2019-2969"], "modified": "2019-08-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mysql-debugsource", 
"p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-debugsource", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "cpe:/o:redhat:enterprise_linux:8.0", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2019-2511.NASL", "href": "https://www.tenable.com/plugins/nessus/127991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2511. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127991);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2019-2420\", \"CVE-2019-2434\", \"CVE-2019-2436\", \"CVE-2019-2455\", \"CVE-2019-2481\", \"CVE-2019-2482\", \"CVE-2019-2486\", \"CVE-2019-2494\", \"CVE-2019-2495\", \"CVE-2019-2502\", \"CVE-2019-2503\", \"CVE-2019-2507\", \"CVE-2019-2510\", \"CVE-2019-2528\", \"CVE-2019-2529\", \"CVE-2019-2530\", \"CVE-2019-2531\", \"CVE-2019-2532\", \"CVE-2019-2533\", \"CVE-2019-2534\", \"CVE-2019-2535\", \"CVE-2019-2536\", \"CVE-2019-2537\", \"CVE-2019-2539\", \"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2623\", \"CVE-2019-2624\", \"CVE-2019-2625\", \"CVE-2019-2626\", \"CVE-2019-2627\", \"CVE-2019-2628\", \"CVE-2019-2630\", \"CVE-2019-2631\", \"CVE-2019-2634\", \"CVE-2019-2635\", \"CVE-2019-2636\", \"CVE-2019-2644\", 
\"CVE-2019-2681\", \"CVE-2019-2683\", \"CVE-2019-2685\", \"CVE-2019-2686\", \"CVE-2019-2687\", \"CVE-2019-2688\", \"CVE-2019-2689\", \"CVE-2019-2691\", \"CVE-2019-2693\", \"CVE-2019-2694\", \"CVE-2019-2695\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\", \"CVE-2019-2795\", \"CVE-2019-2796\", \"CVE-2019-2797\", \"CVE-2019-2798\", \"CVE-2019-2800\", \"CVE-2019-2801\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2805\", \"CVE-2019-2808\", \"CVE-2019-2810\", \"CVE-2019-2811\", \"CVE-2019-2812\", \"CVE-2019-2814\", \"CVE-2019-2815\", \"CVE-2019-2819\", \"CVE-2019-2826\", \"CVE-2019-2830\", \"CVE-2019-2834\", \"CVE-2019-2879\", \"CVE-2019-2948\", \"CVE-2019-2950\", \"CVE-2019-2969\", \"CVE-2019-3003\");\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2019:2511)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. 
It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified 
vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2019-2481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2535\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2019-2620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2686\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2019-2778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2811\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3003\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8'},\n 
{'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n 
{'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference 
= package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debugsource / mecab-ipadic / etc');\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-04-01T05:10:58", "description": "From Red Hat Security Advisory 2019:2511 :\n\nAn update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. 
It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified 
vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 21, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-20T00:00:00", "title": "Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2948", "CVE-2019-2785", "CVE-2019-2494", 
"CVE-2019-2695", "CVE-2019-2624", "CVE-2019-3003", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2950", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455", "CVE-2019-2969"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mecab-ipadic", "p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:mysql-common", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-errmsg", "p-cpe:/a:oracle:linux:mysql-test", "p-cpe:/a:oracle:linux:mecab", "p-cpe:/a:oracle:linux:mysql-server"], "id": "ORACLELINUX_ELSA-2019-2511.NASL", "href": "https://www.tenable.com/plugins/nessus/127983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2511 and \n# 
Oracle Linux Security Advisory ELSA-2019-2511 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127983);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-2420\", \"CVE-2019-2434\", \"CVE-2019-2436\", \"CVE-2019-2455\", \"CVE-2019-2481\", \"CVE-2019-2482\", \"CVE-2019-2486\", \"CVE-2019-2494\", \"CVE-2019-2495\", \"CVE-2019-2502\", \"CVE-2019-2503\", \"CVE-2019-2507\", \"CVE-2019-2510\", \"CVE-2019-2528\", \"CVE-2019-2529\", \"CVE-2019-2530\", \"CVE-2019-2531\", \"CVE-2019-2532\", \"CVE-2019-2533\", \"CVE-2019-2534\", \"CVE-2019-2535\", \"CVE-2019-2536\", \"CVE-2019-2537\", \"CVE-2019-2539\", \"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2623\", \"CVE-2019-2624\", \"CVE-2019-2625\", \"CVE-2019-2626\", \"CVE-2019-2627\", \"CVE-2019-2628\", \"CVE-2019-2630\", \"CVE-2019-2631\", \"CVE-2019-2634\", \"CVE-2019-2635\", \"CVE-2019-2636\", \"CVE-2019-2644\", \"CVE-2019-2681\", \"CVE-2019-2683\", \"CVE-2019-2685\", \"CVE-2019-2686\", \"CVE-2019-2687\", \"CVE-2019-2688\", \"CVE-2019-2689\", \"CVE-2019-2691\", \"CVE-2019-2693\", \"CVE-2019-2694\", \"CVE-2019-2695\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\", \"CVE-2019-2795\", \"CVE-2019-2796\", \"CVE-2019-2797\", \"CVE-2019-2798\", \"CVE-2019-2800\", \"CVE-2019-2801\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2805\", \"CVE-2019-2808\", \"CVE-2019-2810\", \"CVE-2019-2811\", \"CVE-2019-2812\", \"CVE-2019-2814\", \"CVE-2019-2815\", \"CVE-2019-2819\", \"CVE-2019-2826\", \"CVE-2019-2830\", 
\"CVE-2019-2834\", \"CVE-2019-2879\", \"CVE-2019-2948\", \"CVE-2019-2950\", \"CVE-2019-2969\", \"CVE-2019-3003\");\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:2511 :\n\nAn update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, 
CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* 
mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/009076.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql:8.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-0.996-1.module+el8.0.0+5253+1dce7bb2.9\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-common-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-devel-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-errmsg-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-libs-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-server-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-test-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mecab 
/ mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:34", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2740", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2778", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-2819"], "description": "Multiple security issues were discovered in MySQL and this update includes \na new upstream MySQL version to fix these issues.\n\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to \nMySQL 5.7.27.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html> \n<https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html>", "edition": 3, "modified": "2019-07-24T00:00:00", "published": "2019-07-24T00:00:00", "id": "USN-4070-1", "href": "https://ubuntu.com/security/notices/USN-4070-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-10-20T21:02:44", "bulletinFamily": "software", "cvelist": ["CVE-2019-2740", "CVE-2019-2948", "CVE-2019-2758", "CVE-2019-2805", "CVE-2019-2778", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-3822", "CVE-2019-2819", "CVE-2019-2969"], "description": "## Severity\n\nMedium\n\n## Vendor\n\nCloud Foundry Foundation\n\n## Description\n\nCloud Foundry Deployment, through its consumption of Percona XtraDB Cluster Release, is vulnerable to various MySQL vulnerabilities patched in the [July 2019 Critical Patch Update](<https://www.oracle.com/security-alerts/cpujul2019.html>), 
including:\n\n * CVE-2019-2737\n * CVE-2019-2738\n * CVE-2019-2739\n * CVE-2019-2740\n * CVE-2019-2741\n * CVE-2019-2757\n * CVE-2019-2758\n * CVE-2019-2774\n * CVE-2019-2778\n * CVE-2019-2791\n * CVE-2019-2797\n * CVE-2019-2805\n * CVE-2019-2819\n * CVE-2019-2948\n * CVE-2019-2969\n * CVE-2019-3822\n\n## Affected Cloud Foundry Products and Versions\n\n * Percona XtraDB Cluster Release \n * All versions prior to v0.21.0\n * CF Deployment \n * All versions prior to v12.12.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Percona XtraDB Cluster Release \n * Upgrade All versions to v0.21.0 or greater\n * CF Deployment \n * Upgrade All versions to v12.12.0 or greater\n\n## References\n\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\n## History\n\n2019-12-02: Initial vulnerability report published.\n", "edition": 3, "modified": "2019-12-02T00:00:00", "published": "2019-12-02T00:00:00", "id": "CFOUNDRY:D2095944B38019F3860438162F040964", "href": "https://www.cloudfoundry.org/blog/mysql-security-updates-jul2019/", "title": "MySQL Security Updates - July 2019 | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-07-22T17:41:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2740", "CVE-2019-2743", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2785", "CVE-2019-2808", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2810", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2730", "CVE-2019-2752", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2757", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2741", "CVE-2019-2791", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2746", 
"CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2822", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801"], "description": "\nOracle reports:\n\nThis Critical Patch Update contains 45 new security fixes for\n\t Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable\n\t without authentication, i.e., may be exploited over a network without\n\t requiring user credentials.\n\t \n\n", "edition": 1, "modified": "2019-07-16T00:00:00", "published": "2019-07-16T00:00:00", "id": "198E6220-AC8B-11E9-A1C7-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/198e6220-ac8b-11e9-a1c7-b499baebfeaf.html", "title": "MySQL -- Multiple vulerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:25:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2743", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2494", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", 
"CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2741", "CVE-2019-2635", "CVE-2019-2791", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2746", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2822", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455"], "description": "mecab\n[0.996-1.9]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[0.996-1.8]\n- skip %verify of /etc/opt/rh/rh-mysql57/mecabrc\n Resolves: #1382315\n[0.996-1.7]\n- Prefix library major number with SCL name in soname\n[0.996-1.6]\n- Require runtime package from the scl\n[0.996-1.5]\n- Convert to SCL package\n[0.996-1.4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[0.996-1.3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[0.996-1.2]\n- Rebuilt for GCC 5 C++11 ABI change\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\nmecab-ipadic\n[2.7.0.20070801-16.0.1]\n- Rename the LICENSE.Fedora to LICENSE.oracle\n[2.7.0.20070801-16]\n- Rename the LICENSE.fedora to LICENSE.rhel\n[2.7.0.20070801-15]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[2.7.0.20070801-14.1]\n- Require runtime package from the scl\n[2.7.0.20070801-13.1]\n- Convert to SCL package\n[2.7.0.20070801-12.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[2.7.0.20070801-11.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[2.7.0.20070801-10.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[2.7.0.20070801-9.1]\n- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[2.7.0.20070801-8.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild\n[2.7.0.20070801-7.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild\n[2.7.0.20070801-6.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[2.7.0.20070801-5.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild\n[2.7.0.20070801-4.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n* Wed Jan 13 2010 Mamoru Tasaka \n- Fix URL for Source2\n[2.7.0.20070801-3]\n- F-12: Mass rebuild\n[2.7.0.20070801-2]\n- F-11: Mass rebuild\n[2.7.0.20070801.dist.1]\n- License update\n[2.7.0.20070801]\n- New release 2.7.0-20070801\n[2.7.0.20070610]\n- New release 2.7.0-20070610\n[2.7.0.20060707-2]\n- Fix typo\n[2.7.0.20060707-1]\n- Initial packaging, based on mecab-jumandic spec file\nmysql\n[8.0.17-3]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-2]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-1]\n- Rebase to 8.0.17\n- Resolves: #1732042\n- CVEs fixed:\n CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741\n CVE-2019-2743 CVE-2019-2746 CVE-2019-2747 CVE-2019-2752 CVE-2019-2755\n CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780\n CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2791 CVE-2019-2795\n CVE-2019-2796 CVE-2019-2797 CVE-2019-2798 CVE-2019-2800 CVE-2019-2801\n CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810\n CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819\n CVE-2019-2822 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879", "edition": 2, "modified": "2019-08-19T00:00:00", "published": "2019-08-19T00:00:00", "id": "ELSA-2019-2511", "href": "http://linux.oracle.com/errata/ELSA-2019-2511.html", "title": "mysql:8.0 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], 
"redhat": [{"lastseen": "2020-11-10T10:21:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities 
(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-31T20:25:13", "published": "2019-08-15T21:31:05", "id": "RHSA-2019:2511", "href": "https://access.redhat.com/errata/RHSA-2019:2511", "type": "redhat", "title": "(RHSA-2019:2511) Important: mysql:8.0 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:31:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", 
"CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities 
(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-31T20:25:11", "published": "2019-08-14T10:35:35", "id": "RHSA-2019:2484", "href": "https://access.redhat.com/errata/RHSA-2019:2484", "type": "redhat", "title": "(RHSA-2019:2484) Important: rh-mysql80-mysql security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2019-08-16T16:32:12", "bulletinFamily": "software", "cvelist": ["CVE-2019-2794", "CVE-2019-2853", "CVE-2019-2820", "CVE-2019-0220", "CVE-2018-19362", "CVE-2015-9251", "CVE-2019-2768", "CVE-2019-5598", "CVE-2019-2839", "CVE-2019-2484", "CVE-2019-2842", "CVE-2019-2793", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2019-2867", "CVE-2019-2824", 
"CVE-2018-0732", "CVE-2019-2740", "CVE-2019-2818", "CVE-2016-7103", "CVE-2019-2743", "CVE-2018-11055", "CVE-2018-1000180", "CVE-2019-2672", "CVE-2018-1304", "CVE-2019-2855", "CVE-2018-17960", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-11358", "CVE-2019-2788", "CVE-2019-2825", "CVE-2019-0217", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2015-0227", "CVE-2019-2878", "CVE-2019-2807", "CVE-2019-2784", "CVE-2018-1275", "CVE-2019-2856", "CVE-2019-2879", "CVE-2018-7489", "CVE-2018-19361", "CVE-2016-6306", "CVE-2019-2838", "CVE-2019-2770", "CVE-2019-2785", "CVE-2019-2762", "CVE-2016-2183", "CVE-2019-2799", "CVE-2018-0734", "CVE-2019-2817", "CVE-2018-5407", "CVE-2019-0190", "CVE-2019-2736", "CVE-2016-9878", "CVE-2017-3735", "CVE-2019-2781", "CVE-2019-7317", "CVE-2018-15756", "CVE-2018-1271", "CVE-2018-14719", "CVE-2016-3473", "CVE-2019-2599", "CVE-2019-3823", "CVE-2019-6129", "CVE-2019-2764", "CVE-2018-1000121", "CVE-2019-2808", "CVE-2019-2833", "CVE-2019-2749", "CVE-2018-11039", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2845", "CVE-2019-2816", "CVE-2019-2761", "CVE-2019-2850", "CVE-2019-2830", "CVE-2019-2847", "CVE-2018-11307", "CVE-2019-0192", "CVE-2019-0211", "CVE-2018-14720", "CVE-2019-2805", "CVE-2019-2854", "CVE-2019-2782", "CVE-2019-2810", "CVE-2018-18311", "CVE-2019-2748", "CVE-2019-2754", "CVE-2019-2778", "CVE-2019-2852", "CVE-2019-2826", "CVE-2019-2862", "CVE-2019-2789", "CVE-2019-2759", "CVE-2016-0701", "CVE-2019-0232", "CVE-2017-3737", "CVE-2019-2732", "CVE-2019-2745", "CVE-2019-12814", "CVE-2019-2860", "CVE-2019-2737", "CVE-2019-2777", "CVE-2018-12022", "CVE-2019-2877", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2837", "CVE-2019-0199", "CVE-2019-2841", "CVE-2019-2776", "CVE-2018-1000122", "CVE-2019-2730", "CVE-2018-1305", "CVE-2019-2666", "CVE-2019-2763", "CVE-2019-2846", "CVE-2019-2790", "CVE-2019-2848", "CVE-2018-11057", "CVE-2015-0226", "CVE-2018-16890", "CVE-2019-1543", "CVE-2016-8610", "CVE-2019-2733", "CVE-2019-2752", "CVE-2018-1000873", 
"CVE-2018-11056", "CVE-2018-11775", "CVE-2018-0735", "CVE-2017-5647", "CVE-2019-2829", "CVE-2019-2751", "CVE-2018-1257", "CVE-2017-5715", "CVE-2019-2738", "CVE-2018-14721", "CVE-2019-2803", "CVE-2019-2767", "CVE-2019-2775", "CVE-2019-2727", "CVE-2016-6497", "CVE-2019-2668", "CVE-2018-3111", "CVE-2014-0114", "CVE-2019-2823", "CVE-2018-3315", "CVE-2019-0215", "CVE-2019-2821", "CVE-2019-5597", "CVE-2018-0739", "CVE-2019-2771", "CVE-2019-2843", "CVE-2019-2861", "CVE-2018-8034", "CVE-2018-15769", "CVE-2019-2757", "CVE-2019-2831", "CVE-2019-2865", "CVE-2019-2815", "CVE-2019-2796", "CVE-2018-1000613", "CVE-2016-9572", "CVE-2019-0197", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2018-8013", "CVE-2019-2866", "CVE-2019-2769", "CVE-2019-0196", "CVE-2018-1272", "CVE-2019-2741", "CVE-2017-7525", "CVE-2019-2840", "CVE-2019-2835", "CVE-2019-2783", "CVE-2017-3164", "CVE-2018-1270", "CVE-2019-2809", "CVE-2019-2728", "CVE-2017-5664", "CVE-2019-2772", "CVE-2019-2791", "CVE-2016-5007", "CVE-2019-2875", "CVE-2019-2760", "CVE-2018-19360", "CVE-2018-0733", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2792", "CVE-2019-2774", "CVE-2019-2812", "CVE-2016-8735", "CVE-2019-2836", "CVE-2018-17189", "CVE-2019-2859", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2750", "CVE-2019-0222", "CVE-2019-2779", "CVE-2019-2766", "CVE-2019-2804", "CVE-2019-2871", "CVE-2018-11058", "CVE-2019-2744", "CVE-2019-2725", "CVE-2019-2746", "CVE-2019-2868", "CVE-2019-1559", "CVE-2018-3316", "CVE-2018-17197", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2569", "CVE-2019-2870", "CVE-2019-2873", "CVE-2019-2827", "CVE-2019-2735", "CVE-2017-3736", "CVE-2019-2813", "CVE-2019-2864", "CVE-2019-2828", "CVE-2019-2869", "CVE-2019-2780", "CVE-2019-2834", "CVE-2018-0737", "CVE-2019-2742", "CVE-2019-2844", "CVE-2019-2786", "CVE-2019-2876", "CVE-2019-2822", "CVE-2018-2883", "CVE-2019-2819", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2561", "CVE-2019-2858", "CVE-2019-2755", 
"CVE-2018-11054", "CVE-2019-2801", "CVE-2016-6814", "CVE-2018-9861", "CVE-2019-2857", "CVE-2016-1000031", "CVE-2018-1000301", "CVE-2019-2874", "CVE-2019-2753", "CVE-2019-2756", "CVE-2018-12023", "CVE-2019-2787", "CVE-2018-8039", "CVE-2019-2773", "CVE-2019-2729", "CVE-2019-2863", "CVE-2019-2832"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. 
Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: [ CVE-2019-2725 (April 29, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html>) and [ CVE-2019-2729 (June 18, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html>). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "modified": "2019-08-16T00:00:00", "published": "2019-07-16T00:00:00", "id": "ORACLE:CPUJUL2019-5072835", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T15:41:19", "bulletinFamily": "software", "cvelist": ["CVE-2014-0114", "CVE-2015-0226", "CVE-2015-0227", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-3473", "CVE-2016-5007", "CVE-2016-6306", "CVE-2016-6497", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2016-8735", "CVE-2016-9572", "CVE-2016-9878", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3164", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-7525", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", "CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11039", 
"CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17197", "CVE-2018-17199", "CVE-2018-17960", "CVE-2018-18311", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-2883", "CVE-2018-3111", "CVE-2018-3315", "CVE-2018-3316", "CVE-2018-5407", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8039", "CVE-2018-9861", "CVE-2019-0190", "CVE-2019-0192", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0232", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-1543", "CVE-2019-1559", "CVE-2019-2484", "CVE-2019-2561", "CVE-2019-2569", "CVE-2019-2599", "CVE-2019-2666", "CVE-2019-2668", "CVE-2019-2672", "CVE-2019-2725", "CVE-2019-2727", "CVE-2019-2728", "CVE-2019-2729", "CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2732", "CVE-2019-2733", "CVE-2019-2735", "CVE-2019-2736", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2742", "CVE-2019-2743", "CVE-2019-2744", "CVE-2019-2745", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2748", "CVE-2019-2749", "CVE-2019-2750", "CVE-2019-2751", "CVE-2019-2752", "CVE-2019-2753", "CVE-2019-2754", "CVE-2019-2755", "CVE-2019-2756", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2759", "CVE-2019-2760", "CVE-2019-2761", "CVE-2019-2762", "CVE-2019-2763", "CVE-2019-2764", "CVE-2019-2766", "CVE-2019-2767", "CVE-2019-2768", "CVE-2019-2769", "CVE-2019-2770", "CVE-2019-2771", "CVE-2019-2772", "CVE-2019-2773", "CVE-2019-2774", "CVE-2019-2775", "CVE-2019-2776", "CVE-2019-2777", 
"CVE-2019-2778", "CVE-2019-2779", "CVE-2019-2780", "CVE-2019-2781", "CVE-2019-2782", "CVE-2019-2783", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2786", "CVE-2019-2787", "CVE-2019-2788", "CVE-2019-2789", "CVE-2019-2790", "CVE-2019-2791", "CVE-2019-2792", "CVE-2019-2793", "CVE-2019-2794", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2799", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2804", "CVE-2019-2805", "CVE-2019-2807", "CVE-2019-2808", "CVE-2019-2809", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2813", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2816", "CVE-2019-2817", "CVE-2019-2818", "CVE-2019-2819", "CVE-2019-2820", "CVE-2019-2821", "CVE-2019-2822", "CVE-2019-2823", "CVE-2019-2824", "CVE-2019-2825", "CVE-2019-2826", "CVE-2019-2827", "CVE-2019-2828", "CVE-2019-2829", "CVE-2019-2830", "CVE-2019-2831", "CVE-2019-2832", "CVE-2019-2833", "CVE-2019-2834", "CVE-2019-2835", "CVE-2019-2836", "CVE-2019-2837", "CVE-2019-2838", "CVE-2019-2839", "CVE-2019-2840", "CVE-2019-2841", "CVE-2019-2842", "CVE-2019-2843", "CVE-2019-2844", "CVE-2019-2845", "CVE-2019-2846", "CVE-2019-2847", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2854", "CVE-2019-2855", "CVE-2019-2856", "CVE-2019-2857", "CVE-2019-2858", "CVE-2019-2859", "CVE-2019-2860", "CVE-2019-2861", "CVE-2019-2862", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2868", "CVE-2019-2869", "CVE-2019-2870", "CVE-2019-2871", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2878", "CVE-2019-2879", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5597", "CVE-2019-5598", "CVE-2019-6129", "CVE-2019-7317"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. 
Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "modified": "2020-10-12T00:00:00", "published": "2019-07-16T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}