ID: CVE-2019-2967
Type: cve
Reporter: cve@mitre.org
Modified: 2019-11-11T20:15:00
Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
{"nessus": [{"lastseen": "2021-01-01T02:23:16", "description": "**MySQL 8.0.18**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\n\nCVEs fixed :\n\nCVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957\nCVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968\nCVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997\nCVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1768175\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nMaintainer notes :\n\nlinking with GOLD disabled on armv7hl, because of\nhttps://bugs.mysql.com/bug.php?id=96698\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-11-12T00:00:00", "title": "Fedora 30 : community-mysql (2019-48a0a07033)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2967", "CVE-2019-2938"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:community-mysql"], "id": "FEDORA_2019-48A0A07033.NASL", "href": "https://www.tenable.com/plugins/nessus/130783", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-48a0a07033.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(130783);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\");\n script_xref(name:\"FEDORA\", value:\"2019-48a0a07033\");\n\n script_name(english:\"Fedora 30 : community-mysql (2019-48a0a07033)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.18**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\n\nCVEs fixed :\n\nCVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957\nCVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968\nCVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997\nCVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1768175\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nMaintainer notes :\n\nlinking with GOLD disabled on armv7hl, because of\nhttps://bugs.mysql.com/bug.php?id=96698\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-48a0a07033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugs.mysql.com/bug.php?id=96698\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2991\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"community-mysql-8.0.18-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T02:27:25", "description": "**MySQL 8.0.18**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\n\nCVEs fixed :\n\nCVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957\nCVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968\nCVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997\nCVE-2019-2998 CVE-2019-3004 
CVE-2019-3009 CVE-2019-3011 CVE-2019-3018\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1768175\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nMaintainer notes :\n\nlinking with GOLD disabled on armv7hl, because of\nhttps://bugs.mysql.com/bug.php?id=96698\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-11-12T00:00:00", "title": "Fedora 29 : community-mysql (2019-c1fab3f139)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2967", "CVE-2019-2938"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:community-mysql"], "id": "FEDORA_2019-C1FAB3F139.NASL", "href": "https://www.tenable.com/plugins/nessus/130795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-c1fab3f139.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130795);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3004\", 
\"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\");\n script_xref(name:\"FEDORA\", value:\"2019-c1fab3f139\");\n\n script_name(english:\"Fedora 29 : community-mysql (2019-c1fab3f139)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.18**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\n\nCVEs fixed :\n\nCVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957\nCVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968\nCVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997\nCVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1768175\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nMaintainer notes :\n\nlinking with GOLD disabled on armv7hl, because of\nhttps://bugs.mysql.com/bug.php?id=96698\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c1fab3f139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=96698\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2991\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"community-mysql-8.0.18-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T02:27:41", "description": "**MySQL 8.0.18**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\n\nCVEs fixed :\n\nCVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957\nCVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968\nCVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997\nCVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1768175\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nMaintainer notes :\n\nlinking with GOLD disabled on armv7hl, because of\nhttps://bugs.mysql.com/bug.php?id=96698\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-11-12T00:00:00", "title": "Fedora 31 : community-mysql (2019-d40df38271)", "type": "nessus", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2967", "CVE-2019-2938"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-D40DF38271.NASL", "href": "https://www.tenable.com/plugins/nessus/130799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d40df38271.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130799);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\");\n script_xref(name:\"FEDORA\", value:\"2019-d40df38271\");\n\n script_name(english:\"Fedora 31 : community-mysql (2019-d40df38271)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.18**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\n\nCVEs fixed :\n\nCVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957\nCVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968\nCVE-2019-2974 
CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997\nCVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1768175\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nMaintainer notes :\n\nlinking with GOLD disabled on armv7hl, because of\nhttps://bugs.mysql.com/bug.php?id=96698\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d40df38271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=96698\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2991\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"community-mysql-8.0.18-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-23T04:16:55", "description": "The version of MySQL running on the remote host is 8.0.x prior \n to 8.0.18. 
It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below,\n as noted in the October 2019 Critical Patch Update advisory:\n \n - Vulnerabilities in the MySQL Server product of Oracle MySQL (components: Server: C API and Optimizer). Easily \n exploitable vulnerabilities which allow low privileged attackers with network access via multiple protocols to \n compromise MySQL Server. Successful exploitation of these vulnerabilities can result in unauthorized ability to cause \n a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2966, CVE-2019-3011)\n\n - A non-privileged user or program can put code and a config file in a known non-privileged path (under \n C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl 'engine') on invocation. \n If that curl is invoked by a privileged user it can do anything it wants. (CVE-2019-5443)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.", "edition": 14, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-10-18T00:00:00", "title": "MySQL 8.0.x < 8.0.18 Multiple Vulnerabilities (Oct 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2991", "CVE-2020-2580", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2021-2001", "CVE-2019-3018", "CVE-2019-2911", "CVE-2020-2589", "CVE-2020-2752", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2967", "CVE-2019-5443", "CVE-2019-2938"], "modified": "2019-10-18T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_18.NASL", "href": "https://www.tenable.com/plugins/nessus/130027", "sourceData": "##\n# (C) Tenable Network Security, 
Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130027);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2020-2752\",\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2019-5443\",\n \"CVE-2020-2580\",\n \"CVE-2020-2589\",\n \"CVE-2021-2001\"\n );\n script_bugtraq_id(108881);\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n\n script_name(english:\"MySQL 8.0.x < 8.0.18 Multiple Vulnerabilities (Oct 2019 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 8.0.x prior \n to 8.0.18. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below,\n as noted in the October 2019 Critical Patch Update advisory:\n \n - Vulnerabilities in the MySQL Server product of Oracle MySQL (components: Server: C API and Optimizer). Easily \n exploitable vulnerabilities which allow low privileged attackers with network access via multiple protocols to \n compromise MySQL Server. Successful exploitation of these vulnerabilities can result in unauthorized ability to cause \n a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
(CVE-2019-2966, CVE-2019-3011)\n\n - A non-privileged user or program can put code and a config file in a known non-privileged path (under \n C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl 'engine') on invocation. \n If that curl is invoked by a privileged user it can do anything it wants. (CVE-2019-5443)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97fbbe00\");\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b370bc74\");\n # https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f5cff95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.18 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2991\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\nmysql_check_version(fixed:'8.0.18', min:'8.0.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-09-18T11:02:29", "description": "Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS,\nUbuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-11-20T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : MySQL vulnerabilities (USN-4195-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2948", "CVE-2019-3003", "CVE-2019-2920", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2910", "CVE-2019-2950", "CVE-2019-2922", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-2923", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2924", "CVE-2019-2967", "CVE-2019-2938", "CVE-2019-2969"], "modified": "2019-11-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-8.0"], "id": "UBUNTU_USN-4195-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4195-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131161);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-2910\", \"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2920\", \"CVE-2019-2922\", \"CVE-2019-2923\", \"CVE-2019-2924\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2948\", \"CVE-2019-2950\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2969\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3003\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\");\n script_xref(name:\"USN\", value:\"4195-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : MySQL vulnerabilities (USN-4195-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.18 in Ubuntu 19.10. 
Ubuntu 16.04 LTS,\nUbuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html\nhttps://www.oracle.com/security-alerts/cpuoct2019.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4195-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected mysql-server-5.7 and / or mysql-server-8.0\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2991\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.28-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.28-0ubuntu0.18.04.4\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.28-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"mysql-server-8.0\", pkgver:\"8.0.18-0ubuntu0.19.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.7 / mysql-server-8.0\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T02:46:57", "description": "Oracle reports :\n\nThis Critical Patch Update contains 31 new security fixes for Oracle\nMySQL. 
6 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials.", "edition": 16, "cvss3": {"score": 7.4, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2019-11-04T00:00:00", "title": "FreeBSD : MySQL -- Multiple vulerabilities (fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2948", "CVE-2019-3003", "CVE-2019-2920", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-1543", "CVE-2019-2910", "CVE-2019-2950", "CVE-2019-2922", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-2923", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2924", "CVE-2019-2967", "CVE-2019-5443", "CVE-2019-2938", "CVE-2019-2969"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql56-server", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mariadb103-server", "p-cpe:/a:freebsd:freebsd:mysql80-server", "p-cpe:/a:freebsd:freebsd:mariadb102-server", "p-cpe:/a:freebsd:freebsd:mariadb104-server", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:percona57-server", "p-cpe:/a:freebsd:freebsd:percona56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:mariadb55-server"], "id": "FREEBSD_PKG_FC91F2EFFD7B11E9A1C7B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/130496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or 
without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130496);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-1543\", \"CVE-2019-2910\", \"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2920\", \"CVE-2019-2922\", \"CVE-2019-2923\", \"CVE-2019-2924\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2948\", \"CVE-2019-2950\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2969\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", 
\"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3003\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\", \"CVE-2019-5443\");\n\n script_name(english:\"FreeBSD : MySQL -- Multiple vulerabilities (fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nThis Critical Patch Update contains 31 new security fixes for Oracle\nMySQL. 6 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpuoct2019.html\"\n );\n # https://vuxml.freebsd.org/freebsd/fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cdc8bfa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb102-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:mariadb103-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql80-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.66\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<10.1.42\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb102-server<10.2.28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb103-server<10.3.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb104-server<10.4.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql80-server<8.0.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<5.5.66\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-server<5.6.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona57-server<5.7.28\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-05-08T16:52:29", "description": "An update of the mysql package has been released.", "edition": 3, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2020-04-22T00:00:00", "title": "Photon OS 3.0: Mysql PHSA-2020-3.0-0082", "type": "nessus", "bulletinFamily": "scanner", "cvelist": 
["CVE-2019-2946", "CVE-2020-2770", "CVE-2020-2761", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2020-2893", "CVE-2020-2896", "CVE-2020-2577", "CVE-2020-2923", "CVE-2020-2922", "CVE-2020-2812", "CVE-2020-2579", "CVE-2020-2762", "CVE-2019-2920", "CVE-2019-2991", "CVE-2020-2580", "CVE-2019-2966", "CVE-2019-2997", "CVE-2020-2572", "CVE-2019-3004", "CVE-2020-2904", "CVE-2019-2974", "CVE-2019-2960", "CVE-2020-2763", "CVE-2020-2926", "CVE-2020-2930", "CVE-2019-2963", "CVE-2020-2779", "CVE-2020-2588", "CVE-2020-2627", "CVE-2020-2573", "CVE-2020-2897", "CVE-2019-3018", "CVE-2020-2774", "CVE-2020-2574", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2660", "CVE-2020-2584", "CVE-2019-2911", "CVE-2020-2901", "CVE-2020-2589", "CVE-2020-2570", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2752", "CVE-2019-2791", "CVE-2019-2957", "CVE-2019-3011", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2694", "CVE-2019-2998", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-2768", "CVE-2020-2804", "CVE-2019-3009", "CVE-2020-2814", "CVE-2020-2759", "CVE-2019-2914", "CVE-2019-2967", "CVE-2020-2925", "CVE-2019-2938"], "modified": "2020-04-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:mysql", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0082_MYSQL.NASL", "href": "https://www.tenable.com/plugins/nessus/135872", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0082. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135872);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/06\");\n\n script_cve_id(\n \"CVE-2019-2791\",\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2920\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2572\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2768\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\"\n );\n script_bugtraq_id(109247);\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n\n script_name(english:\"Photon OS 3.0: Mysql PHSA-2020-3.0-0082\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security 
updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the mysql package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-82.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"mysql-8.0.19-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"mysql-debuginfo-8.0.19-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"mysql-devel-8.0.19-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-11-21T06:04:10", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3732 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914,\n 
CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968,\n CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967,\n CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547,\n CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575,\n CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633,\n CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586,\n CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified 
vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643,\n CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660,\n CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814,\n CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761,\n CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892,\n CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - 
mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.2, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-18T00:00:00", "title": "RHEL 8 : mysql:8.0 (RHSA-2020:3732)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2020-2770", "CVE-2020-2761", "CVE-2019-2993", "CVE-2019-2982", "CVE-2020-14641", "CVE-2019-2968", "CVE-2020-2893", "CVE-2020-14586", "CVE-2020-14553", "CVE-2020-2896", "CVE-2020-2577", "CVE-2020-2923", "CVE-2020-14702", "CVE-2020-2922", "CVE-2020-2812", "CVE-2020-2579", "CVE-2020-2762", "CVE-2020-14540", "CVE-2019-2991", "CVE-2020-2580", "CVE-2020-14567", "CVE-2019-2966", "CVE-2020-14539", "CVE-2020-14634", "CVE-2020-14619", "CVE-2019-2997", "CVE-2019-3004", "CVE-2020-2904", "CVE-2020-14663", "CVE-2019-2974", "CVE-2019-2960", "CVE-2020-2763", "CVE-2020-14680", "CVE-2020-14624", "CVE-2020-14656", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-14620", "CVE-2020-14575", "CVE-2020-14568", "CVE-2020-14547", "CVE-2020-14576", "CVE-2020-14654", "CVE-2019-2963", "CVE-2020-2779", "CVE-2020-14597", "CVE-2020-2588", "CVE-2020-2627", "CVE-2020-2573", "CVE-2020-2897", "CVE-2019-3018", "CVE-2020-14678", "CVE-2020-2774", "CVE-2020-14643", "CVE-2020-2574", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2660", "CVE-2020-14550", "CVE-2020-2584", "CVE-2020-14697", "CVE-2019-2911", "CVE-2020-2901", "CVE-2020-2589", "CVE-2020-2570", "CVE-2020-2898", 
"CVE-2020-2903", "CVE-2020-2679", "CVE-2020-14623", "CVE-2020-2686", "CVE-2020-2752", "CVE-2019-2957", "CVE-2019-3011", "CVE-2020-2853", "CVE-2020-14651", "CVE-2020-14631", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2694", "CVE-2020-14559", "CVE-2019-2998", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-14633", "CVE-2020-2804", "CVE-2019-3009", "CVE-2020-2814", "CVE-2020-2759", "CVE-2020-14632", "CVE-2019-2914", "CVE-2019-2967", "CVE-2020-2925", "CVE-2019-2938", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-14614"], "modified": "2020-11-18T00:00:00", "cpe": ["cpe:/o:redhat:rhel_tus:8.2", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mysql-debugsource", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-debugsource", "cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "cpe:/a:redhat:rhel_tus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "cpe:/a:redhat:enterprise_linux:8::appstream", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_eus:8.2", "p-cpe:/a:redhat:enterprise_linux:mysql", "cpe:/a:redhat:rhel_eus:8.2::appstream"], "id": "REDHAT-RHSA-2020-3732.NASL", "href": "https://www.tenable.com/plugins/nessus/143030", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3732. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143030);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n 
\"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\",\n \"CVE-2020-14799\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3732\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2020:3732)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3732 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914,\n CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968,\n CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967,\n CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU 
Jul 2020) (CVE-2020-14539, CVE-2020-14547,\n CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575,\n CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633,\n CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586,\n CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643,\n CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660,\n CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814,\n CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761,\n CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892,\n CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: 
Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2967\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2580\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-2584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2779\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2923\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-2924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14614\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14697\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-14702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764696\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1764698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830050\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1830051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830074\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1830075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865959\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1865960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865982\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_aus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_tus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if 
(get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:3732');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 'release':'8', 
'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 
'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'aarch64', 
'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debugsource / mecab-ipadic / mecab-ipadic-EUCJP / mysql / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-19T05:34:07", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3757 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) 
(CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n - mysql: Server: Locking unspecified 
vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) 
(CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 7.2, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-15T00:00:00", "title": "RHEL 8 : mysql:8.0 (RHSA-2020:3757)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2020-2770", "CVE-2020-2761", "CVE-2019-2993", "CVE-2019-2982", "CVE-2020-14641", "CVE-2019-2968", "CVE-2020-2893", "CVE-2020-14586", "CVE-2020-14553", "CVE-2020-2896", "CVE-2020-2577", "CVE-2020-2923", "CVE-2020-14702", "CVE-2020-2922", "CVE-2020-2812", "CVE-2020-2579", "CVE-2020-2762", "CVE-2020-14540", "CVE-2019-2991", "CVE-2020-2580", "CVE-2020-14567", "CVE-2019-2966", "CVE-2020-14539", "CVE-2020-14634", "CVE-2020-14619", "CVE-2019-2997", "CVE-2019-3004", "CVE-2020-2904", "CVE-2020-14663", "CVE-2019-2974", "CVE-2019-2960", "CVE-2020-2763", "CVE-2020-14680", "CVE-2020-14624", "CVE-2020-14656", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-14620", "CVE-2020-14575", "CVE-2020-14568", "CVE-2020-14547", "CVE-2020-14576", "CVE-2020-14654", "CVE-2019-2963", "CVE-2020-2779", "CVE-2020-14597", "CVE-2020-2588", "CVE-2020-2627", "CVE-2020-2573", "CVE-2020-2897", "CVE-2019-3018", "CVE-2020-14678", "CVE-2020-2774", "CVE-2020-14643", "CVE-2020-2574", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2660", "CVE-2020-14550", "CVE-2020-2584", "CVE-2020-14697", "CVE-2019-2911", "CVE-2020-2901", "CVE-2020-2589", "CVE-2020-2570", 
"CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2679", "CVE-2020-14623", "CVE-2020-2686", "CVE-2020-2752", "CVE-2019-2957", "CVE-2019-3011", "CVE-2020-2853", "CVE-2020-14651", "CVE-2020-14631", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2694", "CVE-2020-14559", "CVE-2019-2998", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-14633", "CVE-2020-2804", "CVE-2019-3009", "CVE-2020-2814", "CVE-2020-2759", "CVE-2020-14632", "CVE-2019-2914", "CVE-2019-2967", "CVE-2020-2925", "CVE-2019-2938", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-14614"], "modified": "2020-09-15T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "cpe:/a:redhat:rhel_eus:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mysql-debugsource", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-debugsource", "cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "cpe:/a:redhat:rhel_e4s:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2020-3757.NASL", "href": "https://www.tenable.com/plugins/nessus/140599", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3757. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140599);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n 
\"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3757\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2020:3757)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3757 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, 
CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) 
(CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\nNote that Nessus has not tested for this 
issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2998\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2686\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2893\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14540\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-14547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14633\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764681\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796884\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830060\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865945\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865968\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865982\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = 
get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:3757');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'cpu':'aarch64', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-common-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n 
{'reference':'mysql-common-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-common-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-debugsource-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-debugsource-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-debugsource-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-devel-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-devel-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-devel-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-libs-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-libs-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-libs-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-server-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-server-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-server-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-test-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-test-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'mysql-test-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, 
epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debugsource / mecab-ipadic / mecab-ipadic-EUCJP / mysql / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-26T09:38:46", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3732 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset\n of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). (CVE-2019-2911)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2914)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2938)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2946)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2957)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2960)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2963, CVE-2019-2968)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2966, CVE-2019-2967)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2974)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2982, CVE-2019-2998)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2019-2991)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions\n that are affected are 5.7.27 and prior and 8.0.17 and prior. 
Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2993)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2997, CVE-2020-2580)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3004)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported\n versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3009)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3011)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3018)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2570, CVE-2020-2573)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2574)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2577)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2020-2579)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-2584)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2588)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2589)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.18 and prior. 
Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2627)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2660)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2679)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2686)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2694)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2759)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-2760)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779,\n CVE-2020-2853)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2020-2762, CVE-2020-2893, CVE-2020-2895)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2763)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2765)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2770)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). 
Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9\n (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2804)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2812)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. 
Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2814)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2892, CVE-2020-2897, CVE-2020-2901,\n CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2896)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported\n version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2898)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2903)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2921)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL\n Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2922)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2925)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).\n Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2926)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2930)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported\n versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14540)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14547)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. 
Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14550)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported\n versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to\n some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily\n exploitable vulnerability allows low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access\n to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14559)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.29 and prior and 8.0.19 and prior. 
Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14567)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14568, CVE-2020-14623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14575, CVE-2020-14620)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions\n that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14576)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14586, CVE-2020-14702)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14597, CVE-2020-14614, CVE-2020-14654,\n CVE-2020-14725)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. 
CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14619)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14631)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS\n 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2020-14633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score\n 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14634)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-14641)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-14643, CVE-2020-14651)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14656)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2\n (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14680)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.2, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-17T00:00:00", "title": "Oracle Linux 8 : mysql:8.0 (ELSA-2020-3732)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2020-2770", "CVE-2020-2761", "CVE-2019-2993", "CVE-2019-2982", "CVE-2020-14641", "CVE-2019-2968", "CVE-2020-2893", "CVE-2020-14586", "CVE-2020-14553", "CVE-2020-2896", "CVE-2020-2577", "CVE-2020-2923", "CVE-2020-14702", "CVE-2020-2922", "CVE-2020-2812", "CVE-2020-2579", "CVE-2020-2762", "CVE-2020-14540", "CVE-2019-2991", "CVE-2020-2580", "CVE-2020-14567", "CVE-2019-2966", "CVE-2020-14539", "CVE-2020-14634", "CVE-2020-14619", "CVE-2019-2997", "CVE-2019-3004", "CVE-2020-2904", "CVE-2020-14663", "CVE-2019-2974", "CVE-2019-2960", "CVE-2020-2763", "CVE-2020-14680", "CVE-2020-14624", "CVE-2020-14656", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-14620", "CVE-2020-14575", "CVE-2020-14568", "CVE-2020-14547", "CVE-2020-14576", "CVE-2020-14654", "CVE-2019-2963", "CVE-2020-2779", "CVE-2020-14597", "CVE-2020-2588", "CVE-2020-2627", "CVE-2020-2573", "CVE-2020-2897", "CVE-2019-3018", "CVE-2020-14678", "CVE-2020-2774", "CVE-2020-14643", "CVE-2020-2574", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2660", "CVE-2020-14550", "CVE-2020-2584", "CVE-2020-14697", "CVE-2019-2911", "CVE-2020-2901", "CVE-2020-2589", "CVE-2020-2570", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2679", "CVE-2020-14623", "CVE-2020-2686", "CVE-2020-2752", "CVE-2019-2957", "CVE-2019-3011", "CVE-2020-2853", "CVE-2020-14651", "CVE-2020-14631", 
"CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2694", "CVE-2020-14559", "CVE-2019-2998", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-14633", "CVE-2020-2804", "CVE-2019-3009", "CVE-2020-2814", "CVE-2020-2759", "CVE-2020-14632", "CVE-2019-2914", "CVE-2019-2967", "CVE-2020-2925", "CVE-2019-2938", "CVE-2020-14725", "CVE-2020-14614"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mecab-ipadic", "p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:mysql-common", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-errmsg", "p-cpe:/a:oracle:linux:mysql-test", "p-cpe:/a:oracle:linux:mecab", "p-cpe:/a:oracle:linux:mysql-server"], "id": "ORACLELINUX_ELSA-2020-3732.NASL", "href": "https://www.tenable.com/plugins/nessus/140614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-3732.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140614);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/25\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n 
\"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n \"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\"\n );\n\n script_name(english:\"Oracle Linux 8 : mysql:8.0 (ELSA-2020-3732)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3732 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). 
Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset\n of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). (CVE-2019-2911)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2914)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2938)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 5.7.27 and prior and 8.0.17 and prior. 
Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2946)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2957)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2960)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2963, CVE-2019-2968)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2966, CVE-2019-2967)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2974)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2982, CVE-2019-2998)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2019-2991)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions\n that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2993)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2019-2997, CVE-2020-2580)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3004)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported\n versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3009)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3011)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.17 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3018)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2570, CVE-2020-2573)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2574)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2577)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2579)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-2584)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2588)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2589)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2627)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2660)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported\n versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2679)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2686)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2694)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. 
Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2759)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-2760)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.18 and prior. 
Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779,\n CVE-2020-2853)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2762, CVE-2020-2893, CVE-2020-2895)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2763)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.29 and prior and 8.0.19 and prior. 
Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2765)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2770)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9\n (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2804)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2812)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2814)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2892, CVE-2020-2897, CVE-2020-2901,\n CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2896)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported\n version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2898)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2020-2903)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2921)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL\n Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2922)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2925)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).\n Supported versions that are affected are 8.0.19 and prior. 
Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2926)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2930)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14540)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14547)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14550)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported\n versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to\n some of MySQL Server accessible data. 
CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily\n exploitable vulnerability allows low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access\n to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14559)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14567)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2020-14568, CVE-2020-14623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14575, CVE-2020-14620)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions\n that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14576)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14586, CVE-2020-14702)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.20 and prior. 
Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14597, CVE-2020-14614, CVE-2020-14654,\n CVE-2020-14725)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14619)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14631)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS\n 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2020-14633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score\n 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14634)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-14641)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-14643, CVE-2020-14651)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2020-14656)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2\n (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2020-14680)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-3732.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module+el8.0.0+5253+1dce7bb2.9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-0.996-1.module+el8.0.0+5253+1dce7bb2.9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7793+cfe2b687', 
'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8'}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-11-13T19:28:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2967", "CVE-2019-2938"], "description": "The remote host is missing an update for the ", "modified": "2019-11-13T00:00:00", "published": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310876989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876989", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2019-48a0a07033", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public 
License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876989\");\n script_version(\"2019-11-13T08:06:35+0000\");\n script_cve_id(\"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-13 08:06:35 +0000 (Wed, 13 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-12 03:25:51 +0000 (Tue, 12 Nov 2019)\");\n script_name(\"Fedora Update for community-mysql FEDORA-2019-48a0a07033\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-48a0a07033\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2019-48a0a07033 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.18~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2967", "CVE-2019-2938"], 
"description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877254", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2019-d40df38271", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877254\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:34:03 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for community-mysql FEDORA-2019-d40df38271\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d40df38271\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2019-d40df38271 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target 
host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.18~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-10-24T20:52:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2982", "CVE-2019-1547", "CVE-2019-2968", "CVE-2019-9936", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-1549", "CVE-2019-9937", "CVE-2019-2963", "CVE-2019-1563", "CVE-2019-8457", "CVE-2019-3018", "CVE-2019-1552", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-10072", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2967"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310143028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143028", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.18 Security Update (2019-5072832) - Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks 
GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143028\");\n script_version(\"2019-10-23T06:40:25+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 06:40:25 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-23 05:23:48 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-3011\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-3004\", \"CVE-2019-2991\",\n \"CVE-2019-2963\", \"CVE-2019-2968\", \"CVE-2019-2982\", \"CVE-2019-2998\", \"CVE-2019-2957\",\n \"CVE-2019-3018\", \"CVE-2019-3009\", \"CVE-2019-2997\", \"CVE-2019-8457\", \"CVE-2019-10072\",\n \"CVE-2019-1549\", \"CVE-2019-1547\", \"CVE-2019-1552\", \"CVE-2019-1563\", \"CVE-2019-9936\",\n \"CVE-2019-9937\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.18 Security Update (2019-5072832) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n 
script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 8.0.0 - 8.0.17.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.0.18 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.17\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.18\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-24T20:52:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2982", "CVE-2019-1547", "CVE-2019-2968", "CVE-2019-9936", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-1549", "CVE-2019-9937", "CVE-2019-2963", "CVE-2019-1563", "CVE-2019-8457", "CVE-2019-3018", "CVE-2019-1552", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-10072", "CVE-2019-2998", "CVE-2019-3009", "CVE-2019-2967"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": 
"2019-10-23T00:00:00", "published": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310143027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143027", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.18 Security Update (2019-5072832) - Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143027\");\n script_version(\"2019-10-23T06:40:25+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 06:40:25 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-23 05:18:34 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-3011\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-3004\", \"CVE-2019-2991\",\n \"CVE-2019-2963\", \"CVE-2019-2968\", \"CVE-2019-2982\", \"CVE-2019-2998\", \"CVE-2019-2957\",\n \"CVE-2019-3018\", \"CVE-2019-3009\", \"CVE-2019-2997\", \"CVE-2019-8457\", \"CVE-2019-10072\",\n \"CVE-2019-1549\", \"CVE-2019-1547\", \"CVE-2019-1552\", \"CVE-2019-1563\", \"CVE-2019-9936\",\n \"CVE-2019-9937\");\n\n 
script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.18 Security Update (2019-5072832) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 8.0.0 - 8.0.17.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.0.18 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.17\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.18\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T14:47:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2948", "CVE-2019-3003", "CVE-2019-2920", 
"CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2910", "CVE-2019-2950", "CVE-2019-2922", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-2923", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2924", "CVE-2019-2967", "CVE-2019-2938", "CVE-2019-2969"], "description": "The remote host is missing an update for the ", "modified": "2019-12-12T00:00:00", "published": "2019-11-19T00:00:00", "id": "OPENVAS:1361412562310844243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844243", "type": "openvas", "title": "Ubuntu Update for mysql-8.0 USN-4195-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844243\");\n script_version(\"2019-12-12T11:35:23+0000\");\n script_cve_id(\"CVE-2019-2910\", \"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2920\", \"CVE-2019-2922\", \"CVE-2019-2923\", \"CVE-2019-2924\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2948\", \"CVE-2019-2950\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2969\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3003\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-12 11:35:23 +0000 (Thu, 12 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-19 03:01:02 +0000 (Tue, 19 Nov 2019)\");\n script_name(\"Ubuntu Update for mysql-8.0 USN-4195-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.10|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4195-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-November/005213.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-8.0'\n package(s) 
announced via the USN-4195-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu\n18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28.\n\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes.\");\n\n script_tag(name:\"affected\", value:\"'mysql-8.0' package(s) on Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.28-0ubuntu0.18.04.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-8.0\", ver:\"8.0.18-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.28-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == 
\"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.28-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-11-13T19:28:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3170", "CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2529", "CVE-2019-2532", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2019-2494", "CVE-2018-3280", "CVE-2018-3247", "CVE-2019-2531", "CVE-2019-2991", "CVE-2019-2528", "CVE-2019-2966", "CVE-2018-3285", "CVE-2019-2434", "CVE-2018-3282", "CVE-2018-3145", "CVE-2019-2997", "CVE-2018-3133", "CVE-2019-3004", "CVE-2018-3182", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2486", "CVE-2019-2482", "CVE-2018-3144", "CVE-2018-3212", "CVE-2019-2530", "CVE-2018-3173", "CVE-2018-3187", "CVE-2019-2963", "CVE-2018-3276", "CVE-2018-3156", "CVE-2019-2420", "CVE-2019-2536", "CVE-2018-3161", "CVE-2018-3251", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-3018", "CVE-2018-3155", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2510", "CVE-2019-2502", "CVE-2018-3279", "CVE-2019-2535", "CVE-2018-3284", "CVE-2018-3162", "CVE-2019-2911", "CVE-2018-3278", "CVE-2018-3186", "CVE-2018-3171", "CVE-2019-2957", "CVE-2019-3011", "CVE-2018-3143", "CVE-2018-3277", "CVE-2019-2507", "CVE-2019-2998", "CVE-2019-2533", "CVE-2018-3185", "CVE-2019-2503", "CVE-2018-3283", "CVE-2019-3009", "CVE-2018-3286", "CVE-2019-2914", "CVE-2019-2495", "CVE-2018-3200", "CVE-2019-2967", "CVE-2018-3195", "CVE-2019-2481", "CVE-2019-2938", "CVE-2019-2455"], "description": "The remote host is missing an update for the ", "modified": "2019-11-13T00:00:00", "published": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310876992", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876992", "type": 
"openvas", "title": "Fedora Update for community-mysql FEDORA-2019-c1fab3f139", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876992\");\n script_version(\"2019-11-13T08:06:35+0000\");\n script_cve_id(\"CVE-2019-2911\", \"CVE-2019-2914\", \"CVE-2019-2938\", \"CVE-2019-2946\", \"CVE-2019-2957\", \"CVE-2019-2960\", \"CVE-2019-2963\", \"CVE-2019-2966\", \"CVE-2019-2967\", \"CVE-2019-2968\", \"CVE-2019-2974\", \"CVE-2019-2982\", \"CVE-2019-2991\", \"CVE-2019-2993\", \"CVE-2019-2997\", \"CVE-2019-2998\", \"CVE-2019-3004\", \"CVE-2019-3009\", \"CVE-2019-3011\", \"CVE-2019-3018\", \"CVE-2019-2420\", \"CVE-2019-2434\", \"CVE-2019-2436\", \"CVE-2019-2455\", \"CVE-2019-2481\", \"CVE-2019-2482\", \"CVE-2019-2486\", \"CVE-2019-2494\", \"CVE-2019-2495\", \"CVE-2019-2502\", \"CVE-2019-2503\", \"CVE-2019-2507\", \"CVE-2019-2510\", \"CVE-2019-2528\", \"CVE-2019-2529\", \"CVE-2019-2530\", \"CVE-2019-2531\", \"CVE-2019-2532\", \"CVE-2019-2533\", \"CVE-2019-2534\", \"CVE-2019-2535\", \"CVE-2019-2536\", \"CVE-2019-2537\", \"CVE-2019-2539\", 
\"CVE-2018-3276\", \"CVE-2018-3200\", \"CVE-2018-3137\", \"CVE-2018-3284\", \"CVE-2018-3195\", \"CVE-2018-3173\", \"CVE-2018-3212\", \"CVE-2018-3279\", \"CVE-2018-3162\", \"CVE-2018-3247\", \"CVE-2018-3156\", \"CVE-2018-3161\", \"CVE-2018-3278\", \"CVE-2018-3174\", \"CVE-2018-3282\", \"CVE-2018-3285\", \"CVE-2018-3187\", \"CVE-2018-3277\", \"CVE-2018-3144\", \"CVE-2018-3145\", \"CVE-2018-3170\", \"CVE-2018-3186\", \"CVE-2018-3182\", \"CVE-2018-3133\", \"CVE-2018-3143\", \"CVE-2018-3283\", \"CVE-2018-3171\", \"CVE-2018-3251\", \"CVE-2018-3286\", \"CVE-2018-3185\", \"CVE-2018-3280\", \"CVE-2018-3203\", \"CVE-2018-3155\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-13 08:06:35 +0000 (Wed, 13 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-12 03:26:12 +0000 (Tue, 12 Nov 2019)\");\n script_name(\"Fedora Update for community-mysql FEDORA-2019-c1fab3f139\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-c1fab3f139\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2019-c1fab3f139 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. 
MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.18~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2019-11-12T02:21:56", "published": "2019-11-12T02:21:56", "id": "FEDORA:3DD4360D9951", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: community-mysql-8.0.18-1.fc31", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2019-11-12T02:09:19", "published": "2019-11-12T02:09:19", "id": "FEDORA:4B6C7601CE4B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: community-mysql-8.0.18-1.fc30", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3133", "CVE-2018-3137", "CVE-2018-3143", "CVE-2018-3144", "CVE-2018-3145", "CVE-2018-3155", "CVE-2018-3156", "CVE-2018-3161", "CVE-2018-3162", "CVE-2018-3170", "CVE-2018-3171", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3182", "CVE-2018-3185", "CVE-2018-3186", "CVE-2018-3187", "CVE-2018-3195", "CVE-2018-3200", "CVE-2018-3203", "CVE-2018-3212", "CVE-2018-3247", "CVE-2018-3251", "CVE-2018-3276", "CVE-2018-3277", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3280", "CVE-2018-3282", "CVE-2018-3283", "CVE-2018-3284", "CVE-2018-3285", "CVE-2018-3286", "CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", 
"CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2019-11-11T17:41:09", "published": "2019-11-11T17:41:09", "id": "FEDORA:606B860C9ACA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: community-mysql-8.0.18-1.fc29", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2948", "CVE-2019-3003", "CVE-2019-2920", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2910", "CVE-2019-2950", "CVE-2019-2922", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-2923", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2924", "CVE-2019-2967", "CVE-2019-2938", "CVE-2019-2969"], "description": "Multiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.18 in Ubuntu 19.10. 
Ubuntu 16.04 LTS, Ubuntu \n18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information: \n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html> \n<https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html> \n<https://www.oracle.com/security-alerts/cpuoct2019.html>", "edition": 2, "modified": "2019-11-18T00:00:00", "published": "2019-11-18T00:00:00", "id": "USN-4195-1", "href": "https://ubuntu.com/security/notices/USN-4195-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-11-02T18:01:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2946", "CVE-2019-2993", "CVE-2019-2982", "CVE-2019-2968", "CVE-2019-2948", "CVE-2019-3003", "CVE-2019-2920", "CVE-2019-2991", "CVE-2019-2966", "CVE-2019-2997", "CVE-2019-3004", "CVE-2019-2974", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-1543", "CVE-2019-2910", "CVE-2019-2950", "CVE-2019-2922", "CVE-2019-3018", "CVE-2019-2911", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-2998", "CVE-2019-2923", "CVE-2019-3009", "CVE-2019-2914", "CVE-2019-2924", "CVE-2019-2967", "CVE-2019-5443", "CVE-2019-2938", "CVE-2019-2969"], "description": "\nOracle reports:\n\nThis Critical Patch Update contains 31 new security fixes for\n\t Oracle MySQL. 
6 of these vulnerabilities may be remotely exploitable\n\t without authentication, i.e., may be exploited over a network without\n\t requiring user credentials.\n\t \n\n", "edition": 1, "modified": "2019-10-15T00:00:00", "published": "2019-10-15T00:00:00", "id": "FC91F2EF-FD7B-11E9-A1C7-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf.html", "title": "MySQL -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2020-11-10T10:21:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", 
"CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: 
DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other 
related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-28T01:11:21", "published": "2020-09-15T20:04:48", "id": "RHSA-2020:3755", "href": "https://access.redhat.com/errata/RHSA-2020:3755", "type": "redhat", "title": "(RHSA-2020:3755) Important: mysql:8.0 security update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-27T22:51:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", 
"CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. \n\nThe following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities 
(CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-28T01:11:40", "published": 
"2020-08-19T17:45:28", "id": "RHSA-2020:3518", "href": "https://access.redhat.com/errata/RHSA-2020:3518", "type": "redhat", "title": "(RHSA-2020:3518) Important: rh-mysql80-mysql security update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T10:20:30", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", 
"CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability 
(CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-28T01:07:40", "published": "2020-09-15T22:10:12", "id": "RHSA-2020:3757", "href": "https://access.redhat.com/errata/RHSA-2020:3757", "type": "redhat", 
"title": "(RHSA-2020:3757) Important: mysql:8.0 security update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T10:20:20", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple 
unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-28T01:07:38", "published": "2020-09-14T16:23:24", "id": "RHSA-2020:3732", "href": "https://access.redhat.com/errata/RHSA-2020:3732", "type": "redhat", "title": "(RHSA-2020:3732) Important: mysql:8.0 security update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oraclelinux": 
[{"lastseen": "2020-12-30T19:22:24", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2946", "CVE-2020-2770", "CVE-2020-2761", "CVE-2019-2993", "CVE-2019-2982", "CVE-2020-14641", "CVE-2019-2968", "CVE-2020-2893", "CVE-2020-14586", "CVE-2020-14553", "CVE-2020-2896", "CVE-2020-2577", "CVE-2020-2923", "CVE-2020-14702", "CVE-2020-2922", "CVE-2020-2812", "CVE-2020-2579", "CVE-2020-2762", "CVE-2020-14540", "CVE-2019-2991", "CVE-2020-2580", "CVE-2020-14567", "CVE-2019-2966", "CVE-2020-14539", "CVE-2020-14634", "CVE-2020-14619", "CVE-2019-2997", "CVE-2019-3004", "CVE-2020-2904", "CVE-2020-14663", "CVE-2019-2974", "CVE-2019-2960", "CVE-2020-2763", "CVE-2020-14680", "CVE-2020-14624", "CVE-2020-14656", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-14620", "CVE-2020-14575", "CVE-2020-14568", "CVE-2020-14547", "CVE-2020-14576", "CVE-2020-14654", "CVE-2019-2963", "CVE-2020-2779", "CVE-2020-14597", "CVE-2020-2588", "CVE-2020-2627", "CVE-2020-2573", "CVE-2020-2897", "CVE-2019-3018", "CVE-2020-14678", "CVE-2020-2774", "CVE-2020-14643", "CVE-2020-2574", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2660", "CVE-2020-14550", "CVE-2020-2584", "CVE-2020-14697", "CVE-2019-2911", "CVE-2020-2901", "CVE-2020-2589", "CVE-2020-2570", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2679", "CVE-2020-14623", "CVE-2020-2686", "CVE-2020-2752", "CVE-2019-2957", "CVE-2019-3011", "CVE-2020-2853", "CVE-2020-14651", "CVE-2020-14631", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2694", "CVE-2020-14559", "CVE-2019-2998", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-14633", "CVE-2020-2804", "CVE-2019-3009", "CVE-2020-2814", "CVE-2020-2759", "CVE-2020-14632", "CVE-2019-2914", "CVE-2019-2967", "CVE-2020-2925", "CVE-2019-2938", "CVE-2020-14725", "CVE-2020-14614"], "description": "mysql\n[8.0.21-1]\n- Rebase to 8.0.21\n- Use bundled libzstd and libevent for RHSCL and RHEL-8.0.0\n- Check that we have correct versions in bundled(*) Provides\n- Remove re2 bundled dependency\n[8.0.20-1]\n- 
Rebase to 8.0.20\n[8.0.19-2]\n- Specify all perl dependencies\n[8.0.19-1]\n- Rebase to 8.0.19\n[8.0.18-1]\n- Rebase to 8.0.18\n- Add libzstd-devel dependencies\n- Include patch to build against protobuf 3.11", "edition": 3, "modified": "2020-09-16T00:00:00", "published": "2020-09-16T00:00:00", "id": "ELSA-2020-3732", "href": "http://linux.oracle.com/errata/ELSA-2020-3732.html", "title": "mysql:8.0 security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2020-12-24T15:41:20", "bulletinFamily": "software", "cvelist": ["CVE-2015-5180", "CVE-2015-9251", "CVE-2016-0729", "CVE-2016-1000031", "CVE-2016-4000", "CVE-2016-5425", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-16531", "CVE-2017-17558", "CVE-2017-5645", "CVE-2017-6056", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-0732", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000873", "CVE-2018-11784", "CVE-2018-11798", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-1320", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-16842", "CVE-2018-18065", "CVE-2018-18066", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2875", "CVE-2018-3300", "CVE-2018-7185", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8037", "CVE-2019-0188", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11068", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", 
"CVE-2019-1563", "CVE-2019-16335", "CVE-2019-17091", "CVE-2019-2734", "CVE-2019-2765", "CVE-2019-2872", "CVE-2019-2883", "CVE-2019-2884", "CVE-2019-2886", "CVE-2019-2887", "CVE-2019-2888", "CVE-2019-2889", "CVE-2019-2890", "CVE-2019-2891", "CVE-2019-2894", "CVE-2019-2895", "CVE-2019-2896", "CVE-2019-2897", "CVE-2019-2898", "CVE-2019-2899", "CVE-2019-2900", "CVE-2019-2901", "CVE-2019-2902", "CVE-2019-2903", "CVE-2019-2904", "CVE-2019-2905", "CVE-2019-2906", "CVE-2019-2907", "CVE-2019-2909", "CVE-2019-2910", "CVE-2019-2911", "CVE-2019-2913", "CVE-2019-2914", "CVE-2019-2915", "CVE-2019-2920", "CVE-2019-2922", "CVE-2019-2923", "CVE-2019-2924", "CVE-2019-2925", "CVE-2019-2926", "CVE-2019-2927", "CVE-2019-2929", "CVE-2019-2930", "CVE-2019-2931", "CVE-2019-2932", "CVE-2019-2933", "CVE-2019-2934", "CVE-2019-2935", "CVE-2019-2936", "CVE-2019-2937", "CVE-2019-2938", "CVE-2019-2939", "CVE-2019-2940", "CVE-2019-2941", "CVE-2019-2942", "CVE-2019-2943", "CVE-2019-2944", "CVE-2019-2945", "CVE-2019-2946", "CVE-2019-2947", "CVE-2019-2948", "CVE-2019-2949", "CVE-2019-2950", "CVE-2019-2951", "CVE-2019-2952", "CVE-2019-2953", "CVE-2019-2954", "CVE-2019-2955", "CVE-2019-2956", "CVE-2019-2957", "CVE-2019-2958", "CVE-2019-2959", "CVE-2019-2960", "CVE-2019-2961", "CVE-2019-2962", "CVE-2019-2963", "CVE-2019-2964", "CVE-2019-2965", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2969", "CVE-2019-2970", "CVE-2019-2971", "CVE-2019-2972", "CVE-2019-2973", "CVE-2019-2974", "CVE-2019-2975", "CVE-2019-2976", "CVE-2019-2977", "CVE-2019-2978", "CVE-2019-2979", "CVE-2019-2980", "CVE-2019-2981", "CVE-2019-2982", "CVE-2019-2983", "CVE-2019-2984", "CVE-2019-2985", "CVE-2019-2986", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2990", "CVE-2019-2991", "CVE-2019-2992", "CVE-2019-2993", "CVE-2019-2994", "CVE-2019-2995", "CVE-2019-2996", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-2999", "CVE-2019-3000", "CVE-2019-3001", "CVE-2019-3002", "CVE-2019-3003", "CVE-2019-3004", 
"CVE-2019-3005", "CVE-2019-3008", "CVE-2019-3009", "CVE-2019-3010", "CVE-2019-3011", "CVE-2019-3012", "CVE-2019-3014", "CVE-2019-3015", "CVE-2019-3017", "CVE-2019-3018", "CVE-2019-3019", "CVE-2019-3020", "CVE-2019-3021", "CVE-2019-3022", "CVE-2019-3023", "CVE-2019-3024", "CVE-2019-3025", "CVE-2019-3026", "CVE-2019-3027", "CVE-2019-3028", "CVE-2019-3031", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9936", "CVE-2019-9937"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. 
Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2566015.1>).\n", "modified": "2019-10-15T00:00:00", "published": "2020-01-22T00:00:00", "id": "ORACLE:CPUOCT2019", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-16T04:29:01", "bulletinFamily": "software", "cvelist": ["CVE-2019-2946", "CVE-2019-2954", "CVE-2019-0220", "CVE-2019-2973", "CVE-2018-19362", "CVE-2019-2993", "CVE-2019-5435", "CVE-2019-2984", "CVE-2019-2734", "CVE-2019-2982", "CVE-2019-3012", "CVE-2019-2899", "CVE-2019-3863", "CVE-2019-2992", "CVE-2015-9251", "CVE-2019-2886", "CVE-2019-1547", "CVE-2019-2907", "CVE-2017-9735", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2018-0732", "CVE-2019-2968", "CVE-2016-7103", "CVE-2019-2945", "CVE-2019-2942", "CVE-2019-10247", "CVE-2017-17558", "CVE-2019-2955", "CVE-2019-10098", "CVE-2019-11358", "CVE-2019-3861", "CVE-2019-2943", "CVE-2019-0217", "CVE-2019-14540", "CVE-2019-3027", "CVE-2018-12384", "CVE-2018-12538", "CVE-2019-2940", "CVE-2019-2902", "CVE-2018-19361", "CVE-2019-2948", "CVE-2017-7657", "CVE-2019-2896", "CVE-2019-3000", "CVE-2019-3003", "CVE-2019-2883", "CVE-2019-2930", "CVE-2019-3025", "CVE-2016-5425", "CVE-2019-3015", "CVE-2019-2920", "CVE-2019-2915", "CVE-2017-7658", "CVE-2019-2983", "CVE-2018-15756", "CVE-2019-9936", "CVE-2019-2991", "CVE-2019-2926", "CVE-2018-14719", "CVE-2019-3026", "CVE-2019-2901", "CVE-2019-2966", "CVE-2019-3858", "CVE-2019-2995", "CVE-2019-2980", "CVE-2019-3024", "CVE-2019-2906", "CVE-2019-2999", "CVE-2019-2927", "CVE-2017-12626", "CVE-2019-2997", "CVE-2019-2959", "CVE-2019-3014", "CVE-2019-5436", "CVE-2019-2962", "CVE-2019-3004", "CVE-2019-2944", "CVE-2019-2952", 
"CVE-2019-0211", "CVE-2018-14720", "CVE-2016-0729", "CVE-2019-2974", "CVE-2019-3002", "CVE-2019-2964", "CVE-2019-2884", "CVE-2019-2960", "CVE-2019-2976", "CVE-2018-14718", "CVE-2018-8032", "CVE-2019-2898", "CVE-2019-2932", "CVE-2019-2971", "CVE-2019-2929", "CVE-2019-1549", "CVE-2019-0232", "CVE-2019-2900", "CVE-2019-12814", "CVE-2019-2897", "CVE-2019-12384", "CVE-2018-18065", "CVE-2019-2905", "CVE-2018-20685", "CVE-2019-9937", "CVE-2019-3020", "CVE-2019-2936", "CVE-2019-10082", "CVE-2019-2963", "CVE-2018-2875", "CVE-2019-3857", "CVE-2019-2949", "CVE-2019-2935", "CVE-2019-1563", "CVE-2019-3031", "CVE-2019-9511", "CVE-2018-12404", "CVE-2019-3008", "CVE-2019-1543", "CVE-2019-2910", "CVE-2019-2950", "CVE-2016-8610", "CVE-2018-1000873", "CVE-2018-1000007", "CVE-2018-7185", "CVE-2019-3010", "CVE-2019-2889", "CVE-2019-2888", "CVE-2019-2925", "CVE-2019-2961", "CVE-2015-5180", "CVE-2018-14721", "CVE-2019-2913", "CVE-2019-2922", "CVE-2019-3001", "CVE-2019-3005", "CVE-2019-10081", "CVE-2019-2891", "CVE-2019-2937", "CVE-2019-0215", "CVE-2019-6109", "CVE-2019-8457", "CVE-2019-3018", "CVE-2019-2994", "CVE-2019-2958", "CVE-2018-8034", "CVE-2019-3021", "CVE-2019-2887", "CVE-2019-2947", "CVE-2019-14439", "CVE-2019-16335", "CVE-2019-1552", "CVE-2019-9517", "CVE-2019-0197", "CVE-2019-2939", "CVE-2017-6056", "CVE-2018-18066", "CVE-2019-0196", "CVE-2019-2911", "CVE-2019-3022", "CVE-2018-12536", "CVE-2019-3856", "CVE-2017-7656", "CVE-2019-2996", "CVE-2019-10097", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-3862", "CVE-2019-2894", "CVE-2018-19360", "CVE-2019-2975", "CVE-2019-2972", "CVE-2019-2988", "CVE-2019-2904", "CVE-2019-10092", "CVE-2019-10072", "CVE-2017-16531", "CVE-2019-2998", "CVE-2019-17091", "CVE-2019-3855", "CVE-2019-2890", "CVE-2019-3859", "CVE-2019-2985", "CVE-2019-2951", "CVE-2019-2990", "CVE-2019-1559", "CVE-2018-1320", "CVE-2019-2923", "CVE-2018-3300", "CVE-2019-6111", "CVE-2019-2986", "CVE-2018-11784", "CVE-2018-8037", "CVE-2017-5645", "CVE-2019-3860", "CVE-2019-2953", 
"CVE-2019-2965", "CVE-2019-0188", "CVE-2019-3009", "CVE-2019-2941", "CVE-2016-4000", "CVE-2019-3023", "CVE-2019-2914", "CVE-2019-2979", "CVE-2019-2924", "CVE-2019-2981", "CVE-2019-3028", "CVE-2019-2765", "CVE-2019-2934", "CVE-2019-2987", "CVE-2019-2967", "CVE-2019-2977", "CVE-2018-11798", "CVE-2019-10246", "CVE-2018-12545", "CVE-2019-14379", "CVE-2019-2989", "CVE-2016-6814", "CVE-2019-2978", "CVE-2019-2970", "CVE-2019-2903", "CVE-2019-2933", "CVE-2019-5443", "CVE-2016-1000031", "CVE-2019-10241", "CVE-2019-2909", "CVE-2019-3017", "CVE-2019-2938", "CVE-2019-0227", "CVE-2019-2895", "CVE-2019-2872", "CVE-2019-2956", "CVE-2019-2931", "CVE-2018-16842", "CVE-2019-3019", "CVE-2019-2969", "CVE-2019-11068"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. 
Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2566015.1>).\n", "modified": "2019-10-15T00:00:00", "published": "2019-10-15T00:00:00", "id": "ORACLE:CPUOCT2019-5072832", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}